Biometric Identity Assurance Services (BIAS) …docs.oasis-open.org/bioserv/BIAS/v2.0/csd01/BIAS-v2.… · Web viewBIAS defines biometric services used for identity assurance that
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Additional artifacts:This prose specification is one component of a Work Product which also includes: XML schemas: http://docs.oasis-open.org/bioserv/BIAS/v2.0/csd01/schemas/
Related work:This specification is related to: ISO/IEC 30108-1:2015, Biometric Identity Assurance Services (BIAS). http://www.iso.org.
Declared XML namespaces: http://docs.oasis-open.org/bioserv/ns/bias-2.0 http://docs.oasis-open.org/bioserv/ns/biaspatronformat-2.0
Abstract:BIAS defines biometric services used for identity assurance that are invoked over a services-based framework. It is intended to provide a generic set of biometric and identity-related functions and associated data definitions to allow remote access to biometric services.
Status:This document was last revised or approved by the OASIS Biometric Services (BIOSERV) TC on the above date. The level of approval is also listed above. Check the “Latest version” location noted above for possible later revisions of this document. Any other numbered Versions and other technical work produced by the Technical Committee (TC) are listed at https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=bioserv#technical.
TC members should send comments on this specification to the TC’s email list. Others should send comments to the TC’s public comment list, after subscribing to it by following the instructions at the “Send A Comment” button on the TC’s web page at https://www.oasis-open.org/committees/bioserv/.For information on whether any patents have been disclosed that may be essential to implementing this specification, and any offers of patent licensing terms, please refer to the Intellectual Property Rights section of the TC’s web page (https://www.oasis-open.org/committees/bioserv/ipr.php).
Citation format:When referencing this specification the following citation format should be used:[BIASPROFILE]Biometric Identity Assurance Services (BIAS) SOAP Profile Version 2.0. Edited by Kevin Mangold and Karen Marshall. 21 April 2016. OASIS Committee Specification Draft 01. http://docs.oasis-open.org/bioserv/BIAS/v2.0/csd01/BIAS-v2.0-csd01.html. Latest version: http://docs.oasis-open.org/bioserv/BIAS/v2.0/BIAS-v2.0.html.
Table of Contents1 Introduction......................................................................................................................................... 9
1.1 Purpose/Scope.................................................................................................................................. 91.2 Overview........................................................................................................................................... 91.3 Background....................................................................................................................................... 91.4 Relationship to Other Standards.....................................................................................................101.5 Terminology..................................................................................................................................... 101.6 References...................................................................................................................................... 11
3 Data dictionary.................................................................................................................................. 173.1 Documentation Conventions.....................................................................................................173.2 Common Elements.......................................................................................................................... 18
5 Message structure and rules...........................................................................................................1165.1 Purpose and constraints...............................................................................................................1165.2 Message requirements..................................................................................................................1175.3 Handling binary data......................................................................................................................118
5.3.1 Base64 encoding...................................................................................................................1185.3.2 Use of XOP............................................................................................................................ 119
5.5.1 Operation name element........................................................................................................1195.5.2 WS-Addressing Action...........................................................................................................120
5.6 Security......................................................................................................................................... 1215.6.1 Use of SSL 3.0 or TLS 1.0......................................................................................................1215.6.2 Data Origin Authentication......................................................................................................1215.6.3 Message Integrity................................................................................................................... 1215.6.4 Message Confidentiality.........................................................................................................1215.6.5 CBEFF BIR security features.................................................................................................1225.6.6 Security Considerations.........................................................................................................1225.6.7 Security of Stored Data..........................................................................................................122
5.6.8 Key Management...................................................................................................................1225.7 Use with other WS* standards.......................................................................................................1225.8 Tailoring......................................................................................................................................... 122
7 Conformance................................................................................................................................... 125Appendix A. XML Schema................................................................................................................. 126Appendix B. BIAS Patron format specification...................................................................................249
B.1 Patron........................................................................................................................................... 249B.2 Patron identifier............................................................................................................................. 249B.3 Patron format name...................................................................................................................... 249B.4 Patron format identifier.................................................................................................................. 249B.5 ASN.1 object identifier for this patron format.................................................................................249B.6 Domain of use............................................................................................................................... 249B.7 Version identifier........................................................................................................................... 249B.8 CBEFF version.............................................................................................................................. 249B.9 General......................................................................................................................................... 250B.10 Specification................................................................................................................................ 250B.11 Element <BIR>............................................................................................................................ 251
B.12 Element <Version>......................................................................................................................252B.12.1 Syntax.................................................................................................................................. 252B.12.2 Semantics............................................................................................................................ 252
B.13 Element <CBEFFVersion>..........................................................................................................253B.13.1 Syntax.................................................................................................................................. 253B.13.2 Semantics...................................................................................................................... 253
B.14 Element <BIRInfo>...................................................................................................................... 253B.14.1 Syntax.................................................................................................................................. 253B.14.2 Semantics............................................................................................................................ 254
B.15 Element <BDBInfo>.................................................................................................................... 255B.15.1 Syntax.................................................................................................................................. 255B.15.2 Semantics............................................................................................................................ 257
B.16 Element <SBInfo>.......................................................................................................................261B.16.1 Syntax.................................................................................................................................. 261B.16.2 Semantics............................................................................................................................ 262
B.17 Representation of Integers..........................................................................................................262B.18 Representation of Octet Strings..................................................................................................262B.19 Representation of Date and Time of the Day..............................................................................263B.20 Representation of Universally Unique Identifiers........................................................................264B.21 Patron format conformance statement........................................................................................264
B.21.1 Identifying information..........................................................................................................264B.21.2 ISO/IEC 19785-1:2006/Amd 1:2010 to Patron Format Mapping..........................................264
B.22 XML schema of the BIAS patron format......................................................................................266
B.23 Sample BIR encoding.................................................................................................................269Appendix C. Use Cases (non-normative)...........................................................................................271
C.1 Verification Use Case...................................................................................................................271C.2 Asynchronous Verification Use Case............................................................................................272C.3 Primitive Verification Use Case.....................................................................................................273C.4 Identification Use Case.................................................................................................................274C.5 Biometric Enrollment Use Case....................................................................................................275C.6 Primitive Enrollment Use Case.....................................................................................................276
Appendix D. Samples (non-normative)...............................................................................................277D.1 Create Subject Request/Response Example................................................................................277D.2 Set Biographic Data Request/Response Example........................................................................279D.3 Set Biometric Data Request/Response Example..........................................................................280
Appendix E. Acknowledgements........................................................................................................283Appendix F. Revision History.............................................................................................................284
1 Introduction1.1 Purpose/ScopeThis Organization for the Advancement of Structured Information Standards (OASIS) Biometric Identity Assurance Services (BIAS) profile specifies how to use the eXtensible Markup Language (XML) [XML10] defined in ISO/IEC 30108-1:2015, Information technology — Biometric Identity Assurance Services [ISO/IEC-BIAS] to invoke Simple Object Access Protocol (SOAP) -based services that implement BIAS operations. These SOAP-based services enable an application to invoke biometric identity assurance operations remotely in a Services Oriented Architecture (SOA) infrastructure.Not included in the scope of BIAS is the incorporation of biometric authentication as an integral component of an authentication or security protocol. (However, BIAS services may be leveraged to implement biometric authentication in the future.)
1.2 OverviewIn addition to this introduction, this standard includes the following:
Clause 2 presents the design concepts and architecture for invoking SOAP-based services that implement BIAS operations.
Clause 3 presents the namespaces necessary to implement this profile, ISO/IEC BIAS data elements, and identifies relationships to external data definitions.
Clause 4 specifies the content of the BIAS messages. Clause 5 presents the BIAS message structure, as well as rules and considerations for its
application. Clause 6 presents information on error handling. Clause 7 specifies conformance requirements. Annexes include the OASIS BIAS XML schema/sample Web Service Definition Language
(WSDL), BIAS CBEFF Patron Format, use cases, sample code, acknowledgements, and the revision history of this profile.
1.3 BackgroundIn late 2005/early 2006, a gap was identified in the existing biometric standards portfolio with respect to biometric services. The Biometric Identity Assurance Services standard proposal was for a collaborative effort between government and private industry to provide a services-based framework for delivering identity assurance capabilities, allowing for platform and application independence. This standard proposal required the attention of two major technical disciplines: biometrics and service architectures. The expertise of both disciplines was required to ensure the standard was technically sound, market relevant, and achieved widespread adoption. The International Standards Organization and the International Electrotechnical Commission (ISO/IEC) provided the standards leadership relevant to biometrics, defining the “taxonomy” of biometric operations and data elements. OASIS provided the standards leadership relevant to service architectures with an initial focus on web services, defining the schema and SOAP messaging.The driving requirements of the BIAS standard proposal were to provide the ability to remotely invoke biometric operations across an SOA infrastructure; to provide business level operations without constraining the application/business logic that implements those operations; to be as generic as possible – technology, framework, & application domain independent; and to provide basic capabilities that can be used to construct higher level, aggregate/composite operations.
1.4 Relationship to Other StandardsThis OASIS BIAS profile comprises a companion standard to ISO/IEC 30108-1:2015, Information technology — Biometric Identity Assurance Services, which defines the BIAS requirements and taxonomy, specifying the identity assurance operations and the associated data elements. This OASIS BIAS profile specifies the design concepts and architecture, data model and data dictionary, message structure and rules, and error handling necessary to invoke SOAP-based services that implement BIAS operations.Together, the BIAS standard and the BIAS profile provide an open framework for deploying and remotely invoking biometric-based identity assurance capabilities that can be readily accessed across an SOA infrastructure.This relationship allows the leveraging of the biometrics and web services expertise of the two standards development organizations. Existing standards are available in both domains and many of these standards will provide the foundation and underlying capabilities upon which the biometric services depend.
1.5 TerminologyThe key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].The following additional terms and definitions are used:Note: The terms and definitions specified in ISO/IEC 30801-1 [ISO/IEC-BIAS] also apply to this Standard.
BIAS operation and data element names are not defined here, but in their respective sections.
BIAS Biometric Identity Assurance Services
BIR Biometric Information Record
ESB Enterprise Service Bus
HTTPHyperText Transfer Protocol
HTTPSHyperText Transfer Protocol over SSL or HTTP Secure
IRIInternationalized Resource Identifier
SOA Service-Oriented Architecture
SOAPSimple Object Access Protocol
SSLSecure Sockets Layer
TLSTransport Layer Security
UDDIUniversal Description, Discovery, and Integration
CBEFFCommon Biometric Exchange Formats Framework - data elements and BIR formats specified in ISO/IEC 19785-1
BIAS implementationsoftware entity that is capable of creating, processing, sending, and receiving BIAS messages
BIAS endpointruntime entity, identified by an endpoint URI/IRI, capable of sending and receiving BIAS messages, and containing a running BIAS implementation
BIAS messagemessage that can be sent from a BIAS endpoint to another BIAS endpoint through a BIAS link channel
BIAS request messageBIAS message conveying a request for an action to be performed by the receiving BIAS endpoint
BIAS response messageBIAS message conveying a response to a prior BIAS requestmessage
1.6 References
1.6.1 Normative References[RFC2119] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, IETF RFC 2119,
March 1997http://www.ietf.org/rfc/rfc2119.txt
[CBEFF] ISO/IEC19785-1:2006, Information technology – Common Biometric Exchange Formats Framework – Part 1: Data element specification, with Amendment 1:2010http://www.iso.org
[DATE-TIME] ISO 8601:2004, Data elements and interchange formats — Information interchange — Representation of dates and timeshttp://www.iso.org
[URI] T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifiers (URI): Generic Syntax, RFC 3986, MIT/LCS, U.C. Irvine, Xerox Corporation, January 2005.http://ietf.org/rfc/rfc3986
[UTF-8] ISO/IEC 10646:2003, Information technology — Universal Multiple-Octet Coded Character Set (UCS)http://www.iso.org
[WS-Addr] W3C Recommendation,Web Services Addressing 1.0 - Core, and Web Services Addressing 1.0 - SOAP Binding, 9 May 2006http://www.w3.org/2002/ws/addr/
[WS-I-Basic] Basic Profile Version 1.1, 10 April 2006http://www.ws-i.org/Profiles/BasicProfile-1.1-2006-04-10.html
[WS-I-Bind] Web Services-Interoperability Organization (WS-I) Simple SOAP Binding Profile Version 1.0, 24 August 2004http://www.ws-i.org/Profiles/SimpleSoapBindingProfile-1.0-2004-08-24.html
[WSDL11] Web Services Description Language (WSDL) 1.1, 15 March 2001http://www.w3.org/TR/2001/NOTE-wsdl-20010315
[XML 10] Extensible Markup Language (XML) 1.0, 16 August 2006http://www.w3.org/TR/2006/REC-xml-20060816/
[XOP] XML-binary Optimized Packaging, W3C Recommendation, 25 January 2005http://www.w3.org/TR/2005/REC-xop10-20050125/
Interface – Part 1: BioAPI Specificationhttp://www.iso.org
[CBEFF-3] ISO/IEC19785-3:2007, Information technology – Common Biometric Exchange Formats Framework – Part 3: Patron format specifications, with Amendment 1:2010http://www.iso.org
[EBTS-DOD] Department of DefenseElectronic Biometric TransmissionSpecification, Version 2.0, 27 March 2009http://www.biometrics.dod.mil/CurrentInitiatives/Standards/dodebts.aspx
[EBTS-FBI] IAFIS-DOC-01078-8.1, “Electronic Biometric Transmission Specification (EBTS)”, Version 8.1, November 19, 2008, Federal Bureau of Investigation, Criminal Justice Information Services Divisionhttps://www.fbibiospecs.org
[EFTS] IAFIS-DOC-01078-7, “Electronic Fingerprint Transmission Specification (EFTS)”, Version 7.1, May 2, 2005, Federal Bureau of Investigation, Criminal Justice Information Services Divisionhttps://www.fbibiospecs.org
[HR-XML] HR-XML Consortium Library, 2007 April 15http://www.hr-xml.org
[INT-I] Interpol Implementation of ANSI/NIST ITL1-2000, Ver 4.22b, October 28, 2005, The Interpol AFIS Expert Grouphttp://www.interpol.int
[NIEM] National Information Exchange Model (NIEM), Ver 2.0, June 2007, US DOJ/DHShttp://www.niem.gov
[RFC2246] T. Dierks & C. Allen,The TLS Protocol, Version 1.0, January 1999http://www.ietf.org/rfc/rfc2246.txt
[RFC2617] J. Franks, et al, HTTP Authentication: Basic and Digest Access Authentication, June 1999http://www.ietf.org/rfc/rfc2617.txt
[RFC3280] R. Housley, et al, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, April 2002http://www.ietf.org/rfc/rfc3280.txt
[SAML]Security Assertion Markup Language (SAML), Oasis Standard, March 2005http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
[SAML SEC] Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0, Oasis Standard, 15 March 2005http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
[WSS] Web Services Security: SOAP Message Security 1.1, (WS-Security 2004), OASIS Standard Specification, 1 February 2006http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
[X509] X.509: Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks, ITU-T, August 2005http://www.itu.int/rec/T-REC-X.509-200508-I
[xNAL] Customer Information Quality Specifications Version 3.0: Name (xNL), Address (xAL), Name and Address (xNAL) and Party (xPIL), Committee Specification 02, 20 September 2008 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ciq
2 Design Concepts and Architecture (non-normative)2.1 PhilosophyRather than define a totally new and unique messaging protocol for biometric services, this specification instead defines a method for using existing biometric and Web services standards to exchange biometric data and perform biometric operations.
2.2 ContextToday, biometric systems are being developed which collect, process, store and match biometric data for a variety of purposes. In many cases, data and/or capabilities need to be shared between systems or systems serve a number of different client stakeholders. As architectures move towards services-based frameworks, access to these biometric databases and services is via a Web services front-end. However, lack of standardization in this area has led implementers to develop customized services for each system/application.BIAS is intended to provide a common, yet flexible, Web services interface that can be used within both closed and open SOA systems. Figure 1, below, depicts the context in which the BIAS messages will be implemented.
Subject Client(Requester)
System/Application
A
BIAS MessagesBIAS
ServiceProvider
Administrator
BiometricResources
Subject Client(Requester)
System/Application
N
Figure 1. BIAS Context
The clients (requesters) may use standard discovery mechanisms (i.e., UDDI directories) to discover the BIAS service provider (implementation) or, particularly in closed systems, the URI/IRI and WSDL for the service provider may be known a priori by the client BIAS application developer.
2.3 ArchitectureBIAS Web services are intended to be used within systems employing a services framework, such as a services-oriented architecture (SOA) (although implementations are not limited to this environment). As such, it is recognized that the clients may interact directly with the BIAS service provider or layers may exist between the client and the service provider, for example as an ESB or other application layer.The BIAS Architecture as shown in Figure 2, in which:
A Client request to the BIAS Web services may be triggered by a human interaction OR any proxy system such as an ESB.
Client sends and receives SOAP messages that conform to the BIAS schemas Calls to the BIAS Implementation use OASIS Service Interfaces and Bindings (via WSDL) The BIAS implementation maps the service call to the appropriate internal API or set of APIs
and returns data according to the service interface. Note that services are represented as circles.
Figure 2. Representative BIAS Architecture
NOTE: It is possible that BIAS may also be used between the service provider and the managed resource (e.g., a biometric matcher).
At the heart of the BIAS SOAP Profile are the concepts of BIAS messages and endpoints.
BIAS implementationA BIAS implementation is a software entity that is capable of creating, processing, sending, and receiving BIAS messages. This standard does not define requirements for the BIAS implementation other than defining the messages and protocols used by the endpoints.BIAS messages
A BIAS message is a one that can be sent from a BIAS endpoint to another BIAS endpoint over a TCP/IP link.BIAS endpointsA BIAS endpoint is a runtime entity, uniquely identified and accessed by an endpoint URI/IRI [URI] [IRI], capable of sending and receiving BIAS messages.
NOTE: When not publicly and directly exposed, the endpoints for purposes of this specification are the BIAS service provider exposing BIAS services and the component that directly interacts with that service provider, e.g., the business application or ESB, rather than the ultimate end client requester.
3 Data dictionaryThis section describes the BIAS data elements used within BIAS messages (as defined in Clause 4). Common data elements are defined for use in one or more operations. These include common data types or return codes. BIAS data elements are defined in ISO/IEC 30108-1. The elements, complex types and simple types described for the BIAS messages belong to the following namespace: http://docs.oasis-open.org/bias/ns/bias-1.0/. See Annex A for the XML schema.
NOTE: Biographic and biometric data included in a native XML format MAY contain elements referencing external namespaces (e.g., ansi-nist).
3.1 Documentation ConventionsEach common element has a section describing its content. Likewise, each operation has a section describing the request and response messages and the associated input and output parameters. The input and output of each message and the comment elements are detailed in a table as described in the figure below. Each field that forms part of the message request/response is detailed in the table.
Header Name
Description Values Value Meaning
Field The name of the field.
Type The XML schema type of the field.
# The cardinality of the field 1 One occurrence
0..1 Zero or one occurrence
0..* Zero or more occurrences
1..* One or more occurrences
? Defines if the field must be present. Y Yes – is always required
N No – is not always required, an optional field.
C Conditional – requirement is dependent on system or message conditions.
Meaning Gives a short description of the field’s use
IDENTIFICATION_RESULT_NOT_YET_AVAILABLE The result of an asynchronous identification process is not yet available.
UNKNOWN_FORMAT An unknown format was detected.
INVALID_LICENSE An invalid license was found.
SERVICE_NOT_IMPLEMENTED The requested service/function is not implemented.
INVALID_ENCOUNTER_TYPE The input encounter type is not a recognized category.
INVALID_PROCESSING_OPTION The supplied processing options are invalid.
CANNOT_STORE_DATA Data cannot be stored due to an internal reason.
CANNOT_PROCESS_DATA Data cannot be processed.
CANNOT_CREATE_TEMPLATE A biometric template could not be created from the raw input data (either for purpose enroll or verify/identify).
CANNOT_DELETE_DATA Data cannot be deleted.
CANNOT_RETRIEVE_DATA Data cannot be retrieved (read).
CANNOT_INITIALIZE_INTERNAL_MODULES Internal modules cannot be initialized and/or loaded.
CANNOT_VERIFY_DATA Cannot perform a 1:N verification of the supplied and/or stored data.
CANNOT_IDENTIFY_DATA Cannot perform a 1:N identification of the supplied and/or stored data.
INVALID_CONFIGURATION The (central) system was configured improperly.
CANNOT_CHECK_QUALITY The quality check cannot be performed due to an internal reason.
INTERNAL_DATABASE_ERROR An internal error during the database connection occurred.
CANNOT_UPDATE_DATA Data cannot be updated.
BIOMETRIC_TYPE_NOT_SUPPORTED The biometric modality/type is not supported by the system.
NOTES: (1) See Clause 6 (Error handling) for an explanation of BIAS faults and return codes. (2) Service provider MAY define additional values specific to their service implementation.(3) See section 5.5 for additional information on BIAS security.
BIASFaultDetail Y Defines the error information associated with a SOAP fault.
BIASFaultType BIASFaultCode 1 Y References an error code.
BIASFaultMessage string 1 Y Provides a brief explanation of the fault.
BIASFaultDescriptionstring 0..1 N Provides detailed information about a
BIAS fault, such as trace details.
3.2.7 BIASIdentityField Type # ? Meaning
BIASIdentity Y Defines a single element for encapsulating the data associated with an Identity. Includes the Identity’s reference identifiers, biographic data, and biometric data.The operations that use this type specify which elements are required.
SubjectID BIASIDType 0..1 C A system unique identifier for a subject.Required as input to many operations.
IdentityClaim BIASIDType 0..1 N An identifier by which a subject is known to a particular gallery or population group.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required for encounter-centric models.
EncounterList EncounterListType 0..1 N A list of encounters associated with a subject.
BiographicData BiographicDataType 0..1 N An Identity’s biographic data.
BiometricData BIASBiometricDataType 0..1 N An Identity’s biometric data.
BinaryBIR BaseBIRType Y Defines a BIR type of Binary
Binary base64Binary 1 Y BIR information in base64 binary format
3.2.10 BiographicDataItemTypeField Type # ? Meaning
BiographicDataItemType Y Defines a single biographic data element.
Name string 1 Y The name of the biographic data item.
Type string 1 Y The data type for the biographic data item.
Value string 0..1 N The value assigned to the biographic data item.
NOTE: This element can be used to transmit scanned identity documents or document information (e.g., passports, driver’s license, birth certificates, utility bills, etc. required to establish an identity).
3.2.11 BiographicDataItemListTypeField Type # ? Meaning
BiographicDataItemListType Y Defines a list of biographic data elements.
BiographicDataItemBiographicDataItemType 1..* Y Data structure containing information
about a biographic record.
3.2.12 BiographicDataListTypeField Type # ? Meaning
BiographicDataListType Y Defines a list of biographic data.
BiographicDataBiographicDataType 0..* N Data structure containing information about a
biographic record.
3.2.13 BiographicDataSetTypeField Type # ? Meaning
BiographicDataSetType Y Defines a set of biographic data that is formatted according to the specified format.
name string 1 Y The name of the biographic data format. Use these names for common formats: FBI-EFTS [EFTS], FBI-EBTS [EBTS-FBI], DOD-EBTS [EBTS-DOD], INT-I [INT-I], NIEM [NIEM], xNAL Error: Reference source not found, HR-XML [HR-XML].
version string 0..1 N The version of the biographic data format (e.g., “7.1” for FBI-EFTS or “2.0” for NIEM).
source string 1 Y Reference to a URI/IRI describing the biographic data format. For example: (FBI-EFTS and FBI-EBTS) www.fbibiospecs.org, (DOD-EBTS) www.biometrics.dod.mil, (INT-I) www.interpol.int, (NIEM) www.niem.gov, (xNAL) www.oasis-open.org, (HR-XML) www.hr-xml.org.
type string 1 Y The biographic data format type. Use these types for common formats: ASCII (e.g., for non-XML versions of FBI-EFTS, FBI-EBTS, DOD-EBTS, or INT-I), XML (e.g., for NIEM, xNAL, and HR-XML or future versions of FBI-EBTS).
unspecified any 0..* N Biographic data formatted according to a specific format.
NOTE: Biographic data formats are not limited to those listed. The string value is not enumerated. If one of the common types are used, it MUST be indicated by the specified name values; however, the service provider MAY offer other formats. See ISO/IEC 30108 for further information.
3.2.14 BiographicDataTypeField Type # ? Meaning
BiographicDataType Y Defines a set of biographic data elements, utilizing either the BiographicDataItemListType to represent a list of elements or the BiographicDataSetType to represent a complete, formatted set of biographic information.One of the following elements must be present.
LastName string 0..1 N The last name of a subject.
FirstName string 0..1 N The first name of a subject.
BiographicDataItemListBiographicDataItemListType 0..1 N A list of biographic data
elements.
BiographicDataItemBiographicDataItemType 1..* Y A single biographic data
element.
BiographicDataSetBiographicDataSetType 0..1 N A set of biographic data
information.
NOTE: The implementer is given three choices for encoding biographic data: Encode only first and last name using the defined fields within BiographicDataType Define a list of biographic data elements using the BiographicDataItemListType Use a pre-defined set of biographic data (e.g., as specified in another standard) using
the BiographicDataSetType.See also ISO/IEC 30108-1, section 8.1 for further information.
BiometricDataType Y Provides descriptive information about biometric data, such as the biometric type, subtype, and format, contained in the BDB of the CBEFF-BIR.
BiometricType oasis_cbeff:MultipleTypesType 1 Y The type of biological or behavioral data stored in the biometric record, as defined by CBEFF.
BiometricTypeCountpositiveInteger 0..
1N The number of biometric
records having the biometric type recorded in the biometric type field.
BiometricSubTypeoasis_cbeff:SubtypeType 0..
1N More specifically defines the
type of biometric data stored in the biometric record, as defined by CBEFF.
BDBFormatOwnerpositiveInteger 1 Y Identifies the standards body,
working group, industry consortium, or other CBEFF biometric organization that has defined the format for the biometric data.
BDBFormatTypepositiveInteger 1 Y Identifies the specific biometric
data format specified by the CBEFF biometric organization recorded in the BDB Format Owner field.
3.2.16 BiometricDataListTypeField Type # ? Meaning
BiometricDataListType Y A list of biometric data elements.
BiometricDataRecord BiometricDataType 0..* N Data structure containing information about a biometric record.
3.2.17 CandidateListResultTypeField Type # ? Meaning
CandidateListResultType Y Defines a set of candidates, utilizing the CandidateType to represent each element in the set.
CandidateList CandidateListType 1 Y The candidate list.
AggregateInputDataOptional A data element accepted as optional input by the implementing system for the aggregate services.
The Capability Value should be set to the name of the data element that will be accepted by the aggregate services.
The Capability Supporting Value that indicates the which services support the data element, using one or more of the following values, each separated by a comma:
“Delete”“Enroll”“Identify”“Verify”“All”
AggregateInputDataRequired A data element required as input by the implementing system for the aggregate services.
The Capability Value should be set to the name of the data element that will be accepted by the aggregate services.
The Capability Supporting Value that indicates the which services support the data element, using one or more of the following values, each separated by a comma:
AggregateProcessingOption A processing option supported by the implementing system for the aggregate services.
The Capability Value should be set to the option identifier, or “key” field, for the Processing Option parameter in the aggregate services.
The Capability Supporting Value that indicates the option value, or “value” field, for the Processing Option parameter in the aggregate services, if applicable.
The Capability Additional Info should indicate which aggreagate services support the processing option, using one or more of the following values, each separated by a comma:
“Delete”“Enroll”“Identify”“Verify”“Retrieve”“All”
AggregateReturnData A data element returned by the implementing system for the aggregate services.
The Capability Value should be set to the name of the data element that will be returned by the aggregate services.
The Capability Supporting Value that indicates which services support the data element, using one or more of the following values, each separated by a comma:
AggregateServiceDescription Describes the processing logic of an aggregate service supported by the implementing system.
The Capability Value should be set to the name of the data element that describes the aggregate services.
The Capability Supporting Value that indicates the which services support the data element, using one or more of the following values, each separated by a comma:
“Delete”“Enroll”“Identify”“Verify”“Retrieve”
BiographicDataSet Identifies a biographic data set supported by the implementing system.
The Capability Value should contain the name of the biographic data format supported by the implementing system(e.g. “EBTS” or “NIEM”).
The Capability Supporting Value should contain the version of the biographic data format supported by the implementing system.
The Capability Additional Info should contain the biographic data format type supported by the implementing system (e.g. ASCII or XML).
CBEFFPatronFormat A patron format supported by the implementing system.
The Capability Value should contain the format owner.
The Capability Supporting Value should contain the format type.
ClassificationAlgorithmType A classification algorithm type supported by the implementing system.
The Capability Value should contain the name of classification alogorithm type supported by the implementing system.
Gallery A gallery or population group supported by the implementing system.
The Capability Value should be the same as the value used for the Gallery ID parameter in the Add Subject to Gallery, Delete Biographic Data, Delete Biometric Data, Delete Subject From Gallery, Identify Subject, Retrieve Biographic Information, Retrieve Biometric Information, Retrieve Document Data, Set Biographic Data, Set Biometric Data, Set Document Data, and Verify Subject Services.
IdentityModel Identifies whether the implementing system is person-centric or encounter-centric based.
The Capability Value shall be set to one of the following:
“person”“encounter”
MatchAlgorithm A match algorithm vendor and algorithm vendor product ID supported by the implementing system.
The Capability Value shall contain the algorighm vendor.
The Capability Supporting Value shall contain the algorithm vendor product ID.
The Capability Additional Info shall be set to the biometric type (defined by the XML Patron Format in ISO/IEC 19785-3) that corresponds to the match algorithm.
The Capability Description shall contain the software version of the match algorithm.
MatchScore Identifies the use of match scores returned by the implementing system.
The Capability Value shall be set to the end-of-score-range that signifies a match.
The Capability Supporting Value shall be set to the end-of-score-range that signifies a no-match.
The Capability Additional Info shall be set to the biometric type (defined by the XML Patron Format in ISO/IEC 19785-3) that corresponds to the match score range.
QualityAlgorithm A quality algorithm vendor and algorithm vendor product ID supported by the implementing system.
The Capability Value shall contain the algorighm vendor.
The Capability Supporting Value shall contain the algorithm vendor product ID.
The Capability Additional Info shall be set to the biometric type (defined by the XML Patron Format in ISO/IEC 19785-3) that corresponds to the quality algorithm.
The Capability Description shall contain the software version of the quality algorithm.
SupportedBiometric A biometric type supported by the implementing system.
The Capability Value shall be set to the biometric type, as defined by the ZML Patron Format in ISO/IEC 19785-3 (for example, the biometric type for face is represented a “face”).
The Capability Supporting Value shall indicate if the implementing system supports matching for the biometric type, using one of he following values:
“1” (identification)“2” (verification)“3” (identification and verification)“4” (no comparison supported)
TransformOperation A transform operation type supported by the implementing system.
The Capability Value shall be equal to the value for the Transform Operation parameter in the Transform Biometric Data service.
The Capability Supporting Value shall specify the value of the Transform Control parameter in the Transform Biometric Data service. The value returned may be either a single value or a range of values. If a range of values is returned, the Capability Description shall specify additional information for the value of the Transform Control parameter. If the Transform Operation does not support a Transform Control, the Capability Supporting value shall be set to “NotApplicable”.
3.2.22 CapabilityTypeField Type # ? Meaning
CapabilityType Y Defines a single capability supported by an implementing system.
CapabilityName CapabilityName 1 Y The name of the capability.
CapabilityID string 0..1 N An identifier assigned to the capability by the implementing system.
CapabilityDescription string 0..1 N A description of the capability.
CapabilityValue string 0..1 N A value assigned to the capability.
CapabilitySupportingValuestring 0..1 N A secondary value supporting the
capability.
CapabilityAdditionalInfo string 0..1 N Contains additional information for the supported capability.
3.2.23 CBEFF_BIR_ListTypeField Type # ? Meaning
CBEFF_BIR_ListType Y A list of CBEFF-BIR elements.
BIR CBEFF_BIR_Type 0..* N CBEFF structure containing information about a biometric sample.
3.2.24 CBEFF_BIR_TypeField Type # ? Meaning
CBEFF_BIR_Type Y Represents biometric information, with either a non-XML or XML representation.
FormatOwner positiveInteger 1 Y Identifies the Patron format owner.
FormatType positiveInteger 1 Y Identifies the Patron format type.
BIR_Information 0..1
N Describes what is contained in a BIR.
BIR_Info oasis_cbeff:BIRInfoType 0..1
N Contains information about the CBEFF-BIR.
BDB_Infooasis_cbeff:BDBInfoType 0..
1N Contains information about the
BDB in a simple CBEFF-BIR.
SB_Info oasis_cbeff:SBInfoType 0..1
N Contains information about the security block, if used, in a simple CBEFF-BIR.
BIR BaseBIRType 1 Y One of the following sub-elements must be present: BinaryBIR, URI_BIR, or XML_BIR.
NOTE: The implementer is given three choices for encoding a BIR:
As an XML BIR (following the XML Patron format as specified in Annex B)
As a reference to a URI (from which the receiver would retrieve the actual BIR)
As a complete Base64 encoded binary (non-XML) BIR.
The latter two alternatives can use any CBEFF Patron Format. The optional BIR_Information provides a mechanism for exposing metadata associated with a BIR format that is not easily decoded (i.e., a non-XML BIR). See section 5.3 for more information on handling of binary data within BIAS and ISO/IEC 30108, Clause 8.2, for more information on representing biometric data.
NOTE: (1) XML BIRs MUST conform to the XML patron format in Annex B; however, non-XML (binary)
and URI BIRs MAY implement any CBEFF patron format.(2) It is RECOMMENDED that only registered CBEFF patron formats be used; however, in closed
systems, this may not be required.
3.2.25 ClassificationType: string
Description: The result of a classification.
3.2.26 ClassificationAlgorithmTypeType: string
Description: Type of classification algorithm that was used to perform the classification.
DocumentImage xsd:base64binary 0..1 N A scanned image of the subject document (e.g. passport picture page).
3.2.29 DocumentDataListTypeField Type # ? Meaning
DocumentDataListType Y Provides a list of documents.
DocumentData DocumentDataType 0..* Y Data structure containing information about a document and optionally an image of that document.
3.2.30 EncounterCategoryTypeType: String
Description: Identifies the type of encounter (interaction) during which the identity (biographic, biometric, and/or document) data was collected from the subject as determined by the requester.
EncounterCategoryType Enumeration Values
Value Description
Enrollment The encounter is created during an enrolment interaction.
Recognition The encounter is created during a recognition interaction.
Unspecified The type of encounter is unknown.
3.2.31 EncounterListTypeField Type # ? Meaning
EncounterListType Y Defines a set of encounters.
EncounterID BIASIDType 0..* N The identifier of an encounter.
3.2.32 FusionDecisionType: string
Description: The match decision assigned by the matching algorithm
3.2.33 FusionIdentityListTypeField Type # ? Meaning
FusionIdentityListType Y Contains fusion input elements for one or more identities, utilizing the FusionInformationListType to represent a single set of fusion information for each identity.
FusionIdentity FusionInformationListType 0..* Y A set of fusion information for a single identity.
3.2.34 FusionInformationListTypeField Type # ? Meaning
FusionInformationListType Y Contains at a minimum two sets of fusion input elements, as input to the PerformFusion operation.
FusionElement FusionInformationType 2..* Y A set of fusion information.
3.2.35 FusionInformationTypeField Type # ? Meaning
FusionInformationType Y Represents the information necessary to perform a fusion operation.
BiometricType oasis_cbeff:MultipleTypesType
1 Y The type of biological or behavioral data stored in the biometric record, as defined by CBEFF.
BiometricSubTypeoasis_cbeff: SubtypeType
0..1 N More specifically defines the type of biometric data stored in the biometric record.
AlgorithmOwner string 1 Y The owner or vendor of the algorithm used to determine the score or decision.
AlgorithmType string 1 Y The Algorithm Owner’s identifier for the specific algorithm product and version used to determine the score or decision.
FusionResult FusionResult 0..1 C Either FusionScore or a FusionDecision element MUST be used.
3.2.36 FusionResultType: complexType
Description: The base type for any resulting types which indicate the status of a Fusion operation
OptionType Y BIAS aggregate operations support the ability to include various processing options which direct and possibly control the business logic for that operation. Together with the ProcessingOptionsType, The OptionType provides a method to represent those options. Processing options SHOULD be defined by the implementing system.
Key string 1 Y The identifier of an option supported by the implementing system.
Value string 0..1 N The value for an option supported by the implementing system.
3.2.44 ProcessingOptionsTypeField Type # ? Meaning
ProcessingOptionsType Y BIAS aggregate operations support the ability to include various processing options which direct and possibly control the business logic for that operation. The ProcessingOptionsType provides a method to represent those options. Processing options SHOULD be defined by the implementing system.
Option OptionType 0..* N An option supported by the implementing system.
3.2.45 ProductIDType: string
Description: The vendor’s ID for a particular product.
3.2.46 QualityDataField Type # ? Meaning
QualityData Y Contains information about a biometric sample’s quality and the algorithm used to compute the quality.
QualityScore oasis_cbeff:QualityType 0..1 N The quality of a biometric sample.
AlgorithmVendor VendorIdentifier 1 Y The vendor of the quality algorithm used to determine the quality score.
AlgorithmVendorProductIDProductID 1 Y The vendor’s ID for the
algorithm used to determine the quality.
AlgorithmVersion VersionType 0..1 N The version of the algorithm used to determine the quality.
3.2.47 ResponseStatusField Type # ? Meaning
ResponseStatus Y
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Messagestring 0..1 N A short message corresponding to the return code.
3.2.48 ReturnCodeType: unsignedLong
Description: Return value specifying success or other condition.
ReturnCode Enumeration Values
Value Description
0 Success
3.2.49 ScoreTypeField Type # ? Meaning
ScoreType Y
Value float 1 Y Defines a match result or quality score.
BiometricTypeoasis_cbeff:MultipleTypesType 0..1 N The type of biological or behavioral
data stored in the biometric record, as defined by CBEFF.
BiometricSubType
oasis_cbeff:SubTypesType 0..1 N More specifically defines the type of biometric data stored in the biometric record.
NOTE: Matching scores MAY be in a standardized or proprietary form in terms of value range and interpretation. Quality scores, however, follow the definition found in Annex B.
TokenResultType Y Defines a token that is returned for asynchronous processing.
TokenType TokenType 1 Y Defines a token that is returned for asynchronous processing.
3.2.51 TokenTypeField Type # ? Meaning
TokenType Y Defines a token that is returned for asynchronous processing.
TokenValuestring 1 Y A value returned by the implementing system that is
used to retrieve the results to an operation at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
NOTE: Date/time format is defined in ISO/IEC 30108 and is consistent with the date format specified in Annex B and ISO 8601 [DATE-TIME].See also Annex A for schema definition.
3.2.52 URI_BIRField Type # ? Meaning
URI_BIR BaseBIRType Y Defines a BIR type of Binary
URI anyURI 1 Y The URI of the BIR
3.2.53 VendorIdentifierType: string
Description: Identifies a vendor.
NOTE: Vendor identifiers are registered with IBIA as the CBEFF registration authority (see ISO/IEC 19785-2). Registered biometric organizations are listed at: http://www.ibia.org/cbeff/_biometric_org.php.
3.2.54 VersionField Type # ? Meaning
Version Y For a description or definition of each data element, see the referenced CBEFF standards in the 3.2.24 CBEFF_BIR_Typeschema.
4 BIAS MessagesThis section describes the BIAS messages implementing BIAS operations as defined in ISO/IEC 30108-1:2015. The operations are listed alphabetically, with each operation containing a request and a response message. The tables follow the conventions described in section 3.1.
The AddSubjectToGallery operation registers a subject to a given gallery or population group. As an OPTIONAL parameter, the value of the claim to identity by which the subject is known to the gallery MAY be specified. This claim to identity MUST be unique across the gallery. If no claim to identity is specified, the subject ID (assigned with the CreateSubject operation) will be used as the claim to identity. In the encounter-centric model, the encounter ID associated with the subject’s biometrics that will be added to the gallery MUST be specified. Additionally, the service provider implementation is responsible for the creation and management of galleries. For this purpose, services are not exposed to the requester.
Request Message
Field Type # ? Meaning
AddSubjectToGallery Y Register a subject to a given gallery or population group.
AddSubjectToGalleryRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “AddSubjectToGallery”.
GalleryID BIASIDType 1 Y The identifier of the gallery or population group to which the subject will be added.
Identity BIASIdentity 1 Y The identity to add to the gallery.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
IdentityClaim BIASIDType 0..1 N An identifier by which a subject is known to a particular gallery or population group. (This could be a username or account number, for example.)
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required for encounter-centric models.
Response Message
Field Type # ? Meaning
AddSubjectToGalleryResponse Y The response to an AddSubjectToGallery operation.
AddSubjectToGalleryResponsePackage1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
4.1.2 CheckQualityCheckQualityRequest
CheckQualityResponse
The CheckQuality operation returns a quality score for a given biometric or a specified subject. Either a biometric sample or a subject ID MUST be provided. The biometric input is provided in a CBEFF basic structure or CBEFF record, which in this specification is called a CBEFF-BIR. The algorithm vendor and algorithm vendor product ID MAY be optionally provided in order to request a particular algorithm’s use in calculating the biometric quality. If an algorithm vendor is provided, then the algorithm vendor product ID is REQUIRED. If no algorithm vendor is provided, the implementing system will provide the algorithm vendor and algorithm vendor product ID that were used to calculate the biometric quality as output parameters.
Algorithm Vendors are registered with the ISO Biometric Registration Authority. They are assigned unique identifiers as outlined in ISO/IEC 19785-2. Algorithm Product IDs are assigned by the registered algorithm vendor.
CheckQuality Y Calculate a quality score for a given biometric.
CheckQualityRequest 1 Y
GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “CheckQuality”.
BiometricData BIASBiometricDataType 0..1 C Data structure containing a single biometric sample for which a quality score is to be determined; required if no Subject ID is provided.
BIR CBEFF_BIR_Type 1 Y The biometric sample.
Identity BIASIdentity 0..1 C Required if no BIR is provided.
SubjectID BIASIDType 1 Y Identifies the subject; required if no BIR is provided.
Qualityinfo QualityData 0..1 N Specifies a particular algorithm vendor and vender product ID.
The ClassifyBiometricData operation attempts to classify a biometric sample. For example, a fingerprint biometric sample may be classified as a whorl, loop, or arch (or other classification classes and sub-classes). If no classification algorithm is input, then the BIAS service provider will make the selection.
To obtain the types of classification algorithms and classes, see the QueryCapabilities operation.
Request Message
Field Type # ? Meaning
ClassifyBiometricData Y Classifies a biometric sample.
ClassifyBiometricDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “ClassifyBiometricData”.
BiometricData BIASBiometricDataType 1 Y Data structure containing a single biometric sample for which the classification is to be determined.
BIR CBEFF_BIR_Type 1 Y The biometric sample.
ClassificationData 0..1 N Contains the algorithm to be used to determine the classification.
ClassificationAlgorithmType ClassificationAlgorithmType1 Y Identifies the type of
classification algorithm to be used to perform the classification.
1 Y Identifies the type of classification algorithm that was used to perform the classification.
4.1.4 CreateEncounterCreateEncounterRequest
CreateEncounterResponseThe CreateEncounter operation creates a new encounter record for a subject and associates an encounter ID to that record. If an encounter ID is not supplied by the requester, the service generates an encounter ID that uniquely identifies the encounter within the subject record. The CreateEncounter operation is performed prior to a SetBiographicData, SetBiometricData, or SetDocumentData operation.
In encounter mode, for match operations, the BIAS service provider will create the encounter and will set the encounter type to “recognition”. Normally the BIAS implementation will assign the encounter ID. However, if a requester assigns the encounter ID, it should be used unless it duplicates an existing encounter ID. If that happens an error should be returned.
CreateEncounter Y Create a new encounter record for the specified subject and associate an encounter ID to that record.
CreateEncounterRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “CreateEncounter”.
Identity BIASIdentity 1 Y
SubjectID BIASIDType 1 Y A system unique identifier for a subject
EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.Required for encounter-centric models.
EncounterType EncounterCategoryType 1 Y Identifies the type of encounter during which data was collected from the subject, as determined by the requester.
Response Message
Field Type # ? Meaning
CreateEncounterResponse Y The response to a CreateEncounter operation, containing the new encounterID associated with the specified subject.
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Identity BIASIdentity 1 Y
EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.Required for encounter-centric models.
4.1.5 CreateSubjectCreateSubjectRequest
CreateSubjectResponse
The CreateSubject operation creates a new subject record and associates a subject ID to that record. As an optional parameter, the subject ID MAY be specified by the caller. If no subject ID is specified, the CreateSubject operation will generate one. UUIDs should be used for Subject IDs when universal uniqueness is required.
Request Message
Field Type # ? Meaning
CreateSubject Y
CreateSubjectRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “CreateSubject”.
The DeleteBiographicData operation erases all of the biographic data associated with a given subject record. In the encounter-centric model the operation erases all of the biographic data associated with a given encounter, and therefore the encounter ID MUST be specified. If no encounter ID is specified, or it is null, biographic data will be removed from all encounters. If a gallery is specified, biographic data will be deleted from that gallery only.
When deleting data, BIAS implementations MAY completely erase the information in order to prevent the ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for auditing and/or quality control purposes.
Request Message
Field Type # ? Meaning
DeleteBiographicData Y Erase all of the biographic data associated with a given subject record or, in the encounter-centric model, with a given encounter.
DeleteBiographicDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
The DeleteBiometricData operation erases all of the biometric data associated with a given subject record. In the encounter-centric model the operation erases all of the biometric data associated with a given encounter, and therefore the encounter ID MUST be specified. If no encounter ID is specified, or it is null, biometric data will be removed from all encounters. If a gallery is specified, biometric data will be deleted from that gallery only. If a biometric type(s) is specified, then only biometric data of that type will be deleted.
When deleting data, BIAS implementations MAY completely erase the information in order to prevent the ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for auditing and/or quality control purposes.
Request Message
Field Type # ? Meaning
DeleteBiometricData Y Erase all of the biometric data associated with a given subject record or, in the encounter-centric model, with a given encounter.
DeleteBiometricDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “DeleteBiometricData”.
Identity BIASIdentity 1 Y
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required for encounter-centric models.
BiometricType oasis_cbeff:MultipleTypesType
0..1 N The type of biological or behavioral data to delete, as defined by CBEFF.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group from which the biometric information will be deleted.
Response Message
Field Type # ? Meaning
DeleteBiometricDataResponse Y The response to a DeleteBiometricData operation.
DeleteBiometricDataResponsePackage1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
4.1.8 DeleteDocumentDataDeleteDocumentDataRequest
DeleteDocumentDataResponseThe DeleteDocumentData operation erases all of the document data of the specified category(ies) associated with a given subject record. In the encounter-centric model the service erases all of the document data associated with a given encounter, and therefore the encounter ID MUST be specified. If no encounter ID is specified, or it is null, document data will be removed from all encounters. If no categories are specified, then all categories (for the specified encounters) will be deleted. When deleting data, BIAS implementations MAY completely erase the information in order to prevent the ability to reconstruct a record in whole or in part, or they may track and record the deleted information for auditing and/or quality control purposes.
Request Message
Field Type # ? Meaning
DeleteDocumentData Y Erase all of the document data associated with a given subject record or, in the encounter-centric model, with a given encounter.
Message string 0..1 N A short message corresponding to the return code.
4.1.9 DeleteEncounterDeleteEncounterRequest
DeleteEncounterResponseThe DeleteEncounter operation deletes an existing encounter record from the system. When deleting an encounter, BIAS implementations MAY completely erase the information in order to prevent the ability to reconstruct a record in whole or in part, or they MAY track and record the deleted information for auditing and/or quality control purposes.
Request Message
Field Type # ? Meaning
DeleteEncounter Y Delete an existing encounter record and, any associated encounter information.
DeleteEncounterRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “DeleteEncounter”.
Identity BIASIdentity 1 Y
SubjectID BIASIDType 1 Y A system unique identifier for a subject
EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.
DeleteEncounterResponse Y The response to a DeleteEncounter operation.
DeleteEncounterResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
4.1.10 DeleteSubjectDeleteSubjectRequest
DeleteSubjectResponse
The DeleteSubject operation deletes an existing subject record and, in an encounter-centric model, any associated encounter information from the system. This operation also removes the subject from any registered galleries.
When deleting a subject, BIAS implementations MAY completely erase the subject information in order to prevent the ability to reconstruct a record or records in whole or in part, or they MAY track and record the deleted information for auditing and/or quality control purposes.
Request Message
Field Type # ? Meaning
DeleteSubject Y Delete an existing subject record and, in an encounter-centric model, any associated encounter information.
DeleteSubjectRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
The DeleteSubjectFromGallery operation removes the registration of a subject from a gallery or population group. The subject is identified by either the subject ID or the claim to identity that was specified in the AddSubjectToGallery operation.
Request Message
Field Type # ? Meaning
DeleteSubjectFromGallery Y Remove the registration of a subject from a gallery or population group.
DeleteSubjectFromGalleryRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “DeleteSubjectFromGallery”.
GalleryID BIASIDType 1 Y The identifier of the gallery or population group from which the subject will be deleted.
Identity BIASIdentity 1 Y The identity to remove from the gallery.
SubjectID BIASIDType 0..1 C A system unique identifier for a subject.Required if an Identity Claim is not provided.
IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group.Required if a Subject ID is not provided.
Response Message
Field Type # ? Meaning
DeleteSubjectFromGalleryResponse Y The response to a DeleteSubjectFromGallery operation.
DeleteSubjectFromGalleryResponsePackage
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1
N A short message corresponding to the return code.
The GetIdentifySubjectResults operation retrieves the identification results for the specified token. This opereation is used in conjunction with the IdentifySubject operation. If the IdentifySubject operation is implemented as an asynchronous service, the implementing system returns a token and the GetIdentifySubjectResults operation is used to poll for the results of the original IdentifySubject request.
Request Message
Field Type # ? Meaning
GetIdentifySubjectResults Y Retrieve the identification results for a specified token, which was returned by the IdentifySubject operation.
GetIdentifySubjectResultsRequest 1 Y
GenericRequestParameters GenericRequestParameters
0..1 N Common request parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “GetIdentifySubjectResults”.
Token TokenType 1 Y A value used to retrieve the results of an IdentifySubject request.
TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
GetIdentifySubjectResultsResponse Y The response to a GetIdentifySubjectResults operation, which includes a candidate list.
GetIdentifySubjectResultsResponsePackage
1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
CandidateList CandidateListType 1 Y A rank-ordered list of candidates that have a likelihood of matching the input biometric sample.
Candidate CandidateType 0..* N A single candidate.
Score ScoreType 0..1 N The match score.
BiographicDataBiographicDataType 0..1 N Biographic data associated
with the candidate match.
BIRList CBEFF_BIR_ListType 1 Y Biometric data associated with the candidate match.
BIRCBEFF_BIR_Type 0..* N CBEFF structure containing
information about a biometric sample.
4.1.13 IdentifySubjectIdentifySubjectRequest
IdentifySubjectResponse
The IdentifySubject operation performs an identification search against a given gallery for a given biometric, returning a rank-ordered candidate list of a given maximum size. Note that multiple scores/candidates is already incorporated as a score comes with a CandidateType which is a member of CandidateList.
If the IdentifySubject operation is implemented as a synchronous service, the implementing system immediately processes the request and returns the results in the candidate list. If the IdentifySubject operation is implemented as an asynchronous service, the implementing system returns a token, which is an indication that the request is being handled asynchronously. In this case, the GetIdentifySubjectResults operation is used to poll for the results of the IdentifySubject request.
IdentifySubject Y Perform an identification search against a given gallery for a given biometric.
IdentifySubjectRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “IdentifySubject”.
GalleryID BIASIDType 0..1 C The identifier of the gallery or population group which will be searched. Must not be used in conjunction with Gallery parameter.
Gallery CandidateListType 0..1 C A list of BIRs that must be used instead of a stored gallery. Must not be used in conjunction with GalleryID parameter.
Identity BIASIdentity 1 Y Contains the BIR, a data structure containing the biometric sample for the search.
BiometricData BIASBiometricDataType 1 Y An Identity’s biometric data.
BIR CBEFF_BIR_Type 1 Y Contains biometric information in either a non-XML or an XML representation.
0..1 C A rank-ordered list of candidates that have a likelihood of matching the input biometric sample (i.e., exceed the system threshold).Rank ordering is from highest to lowest match score.Returned with successful synchronous request processing.
Candidate CandidateType 0..* N A single candidate.
Score ScoreType 0..1 N The match score.
BiographicDataBiographicDataType 0..1 N Biographic data associated
with the candidate match.
BIRList CBEFF_BIR_ListType 1 Y Biometric data associated with the candidate match.
BIRCBEFF_BIR_Type 0..* N CBEFF structure containing
0..1 C A token used to retrieve the results of the IdentifySubject operation.Returned with asynchronous request processing.
TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
NOTES: (1) In the event that the number of candidates exceeding the threshold exceeds the
MaxListSize, the system will determine which candidate is included in the last position of the rank ordered candidate list (i.e., in the event of a tie).
(2) Requesters MAY NOT change the system thresholds.
The ListBiographicData operation lists the biographic data elements stored for a subject using the Biographic Data Elements output parameter. Note that no actual biographic data is returned by this operation (see the RetrieveBiographicData operation to obtain the biographic data). In the encounter-centric model, an encounter ID MAY be specified to indicate that only the biographic data elements stored for that encounter should be returned. If an encounter ID is not specified and encounter data exists for the subject, the operation returns the list of encounter IDs which contain biographic data using the Encounter List output parameter, and the Biographic Data Element List output parameter is empty.
Request Message
Field Type # ? Meaning
ListBiographicData Y Lists the biographic data elements stored for a subject.
ListBiographicDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “ListBiographicData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.
EncounterType EncounterCategoryType 0..1 C Identifies the category of encounter. If an encounter ID is not specified and encounter data exists for the subject, the operation returns the list of encounter IDs of a specific type which contain biographic data using the Encounter List output parameter, and the Biographic Data Elements output parameter is empty.Should not be used in conjunction with EncounterID.
ListBiographicDataResponse Y The response to a ListBiographicData request, containing a list of biographic data elements stored for a subject. In the encounter-centric model, the biographic data elements for a specific encounter are returned. If an encounter ID is not specified and encounter data exists for the subject, the list of encounter IDs which contain biographic data is returned.
ListBiographicDataResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Identity BIASIdentity 1 Y Contains a list of biographic data elements associated with a subject or encounter; non-empty if the service was successful, biographic data exists, and either (a) the person-centric model is being used or (b) the encounter-centric model is being used and an encounter identifier was specified.
BiographicData BiographicDataType 0..1 C An Identity’s biographic data elements that are stored in the implementing system.
EncounterList EncounterListType 0..1 C A list of encounter ID’s associated with a subject and which contain biographic data; non-empty if the service was successful, biographic data exists, the encounter-centric model is being used, and an encounter identifier was not specified.
EncounterID BIASIDType 0..* N The identifier of an encounter.
4.1.15 ListBiometricDataListBiometricDataRequest
ListBiometricDataResponse
The ListBiometricData operation lists the biometric data elements stored for a subject using the Biometric Data List output parameter. Note that no actual biometric data is returned by this operation (see the RetrieveBiometricData operation to obtain the biometric data). In the encounter-centric model, an encounter ID MAY be specified to indicate that only the biometric data elements stored for that encounter should be returned. If an encounter ID is not specified and encounter data exists for the subject, the operation returns the list of encounter IDs which contain biometric data using the Encounter List output parameter, and the Biometric Data List output parameter is empty.
An optional parameter MAY be used to indicate a filter on the list of returned data. Such a filter may indicate that only biometric types should be listed (e.g., face, finger, iris, etc.) or that only biometric subtypes for a particular biometric type should be listed (e.g., all fingerprints: left slap, right index, etc.). If a filter is not specified, all biometric type and biometric subtype information must both be listed (e.g., left index finger, right iris, face frontal, etc.).
Request Message
Field Type # ? Meaning
ListBiometricData Y Lists the biometric data elements stored for a subject.
EncounterType EncounterCategoryType 0..1 C Identifies the category of encounter. If an encounter ID is not specified and encounter data exists for the subject, the operation may return the list of encounter IDs of a specific type which contain biometric data using the Encounter List output parameter, and the Biometric Data List output parameter is empty.Should not be used in conjunction with EncounterID.
ListFilterType ListFilterType 0..1 N Indicates what biometric information should be returned.
BiometricTypeFilter oasis_cbeff:MultipleTypesType
1..* Y Limits the returned information to a specific type of biometric, as defined by CBEFF.
IncludeBiometricSubTypeboolean 1 Y A Boolean flag
indicating if biometric subtype information should be returned.
ListBiometricDataResponse Y The response to a ListBiometricData operation, containing a list of biometric data elements stored for a subject. In the encounter-centric model, the biometric data elements for a specific encounter are returned. If an encounter ID is not specified and encounter data exists for the subject, the list of encounter IDs which contain biometric data is returned.
ListBiometricDataResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Identity BIASIdentity 0..1 N Includes a list of biometric data elements associated with a subject or encounter or a list of encounter ID’s associated with a subject and which contain biometric data.
BiometricData BIASBiometricDataType 0..1 C An Identity’s biometric data.
EncounterList EncounterListType 0..1 C A list of encounter ID’s associated with a subject and which contain biometric data; non-empty if the service was successful, biometric data exists, the encounter-centric model is being used, and an encounter identifier was not specified.
EncounterID BIASIDType 1..* Y The identifier of an encounter.
4.1.16 ListDocumentDataListDocumentDataRequest
ListDocumentDataResponseThe ListDocumentData operation lists the document categories stored for a subject using the Document Data List output parameter. Note that no other document data is returned by this operation (see the RetrieveDocumentData operation to obtain document data by category.) In the encounter-centric model, an encounter ID may be specified to indicate that only the document data elements stored for that encounter should be returned. If an encounter ID is not specified and encounter data exists for the subject, the operation mustl return the list of encounter IDs which contain document data using the Encounter List Output parameter, and the Document Data List output parameter must be empty.
Request Message
Field Type # ? Meaning
ListDocumentData Y
ListDocumentDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “ListDocumentData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter.
SubjectID BIASIDType 1 Y A system unique identifier for a subject
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.
EncounterType EncounterCategoryType 0..1 C Identifies the category of encounter. If an encounter ID is not specified and encounter data exists for the subject, the operation must return the list of encounter IDs which contain document data using the Encounter List Output parameter, and the Document Data List output parameter must be empty.Should not be used in conjunction with EncounterID.
Response Message
Field Type # ? Meaning
ListDocumentDataResponse Y The response to a ListDocumentData operation.
ListDocumentDataResponsePackage
1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
DocumentDataList 3.2.29 DocumentDataListType
0..1 C A list of document categories associated with a subject or encounter; non-empty if the service was successful, document data exists, and either the person-centric model is being used or the encounter-centric model is being used and an encounter identifier was specified.
DocumentData 3.2.28 DocumentDataType
1..* Y Defines a set of document data elements providing information about the presented identity document
DocumentCategorystring 1 Y The type of identity
document presented (e.g. passport).
Identity BIASIdentity 0..1 C
EncounterList EncounterListType 1 Y A list of encounter IDs associated with a subject and which contain document data; non-empty if the service was successful, document data exists, the encounter-centric model is being used, and an encounter identifier was not specified.
EncounterIDBIASIDType 1..* Y The identifier of an
encounter.
4.1.17 PerformFusionPerformFusionRequest
PerformFusionResponse
The PerformFusion operation accepts either match score or match decision information and creates a fused match result. The FusionInformationListType, through the FusionInformationType, provides specific elements for match score input and match decision input for a single identity, while the FusionIdentityListType provides the ability to submit multiple identities to the Perform Fusion operation. The fusion method and processes are left to the implementing system.
vendor of the algorithm used to determine the score or decision.
AlgorithmType string 1 Y The Algorithm Owner’s identifier for the specific algorithm product and version used to determine the score or decision.
FusionResult FusionResult 0..1 C Either FusionScore or a FusionDecision element MUST be used.
Response Message
Field Type # ? Meaning
PerformFusionResponse Y The response to the PerformFusion operation.
PerformFusionResponsePackage1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1
N A short message corresponding to the return code.
Match MatchType 1 Y Indicates the result of the fusion method.
4.1.18 QueryCapabilitiesQueryCapabilitiesRequest
QueryCapabilitiesResponse
The QueryCapabilities operation returns a list of the capabilities, options, galleries, etc. that are supported by the BIAS implementation. Refer to Annex A in the ISO/IEC BIAS standard Error: Reference source not found for conformance requirements regarding which capability names an implementation must use in the QueryCapabilities operation. If the implementing system does not support a capability item, the Capability Value can be set to null in the response.
Proprietary and additional information may be returned by returning capabilities that are not part of those capabilities enumerated in the CapabilityNames section 3.2.20. When returning capabilities not enumerated in section 3.2.20, the Capability Description should describe the capability. For each
The RetrieveBiographicData operation retrieves the biographic data associated with a subject ID. In the encounter-centric model, the encounter ID MAY be specified and the operation will return the set of biographic data associated with that encounter (the list contains a single set). If the encounter ID is not specified in the encounter-centric model, the operation returns the list of biographic information associated with the most recent encounter. If no gallery ID is specified, a list of biographic information from all galleries will be returned.
Request Message
Field Type # ? Meaning
RetrieveBiographicData Y Retrieves the biographic data associated with a subject ID.
RetrieveBiographicDataRequest 1 Y
GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “RetrieveBiographicData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.
EncounterType EncounterCategoryType 0..1 N Identifies the type of encounter during which data was collected from the subject, as determined by the requester.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group from which the biographic information will be retrieved.
Response Message
Field Type # ? Meaning
RetrieveBiographicDataResponse Y The response to a RetrieveBiographicData operation.
RetrieveBiographicDataResponsePackage
1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
The RetrieveBiometricData operation retrieves the biometric data associated with a subject ID. In the encounter-centric model, the encounter ID MAY be specified and the operation will return the biometric data associated with that encounter. If the encounter ID is not specified in the encounter-centric model, the operation returns the biometric information associated with the most recent encounter.The operation provides an OPTIONAL input parameter to specify that only biometric data of a certain type should be retrieved.
Request Message
Field Type # ? Meaning
RetrieveBiometricData Y Retrieves the biometric data associated with a subject ID.
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “RetrieveBiometricData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.
EncounterType EncounterCategoryType 0..1 N Identifies the type of encounter during which data was collected from the subject, as determined by the requester.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group from which the biometric information will be retrieved.
BiometricType oasis_cbeff:MultipleTypesType
0..1 N The type of biological or behavioral data to retrieve.
Response Message
Field Type # ? Meaning
RetrieveBiometricDataResponse Y The response to a RetrieveBiometricData operation.
RetrieveDocumentDataResponseThe RetrieveDocumentData operation retrieves the list of document data associated with a subject ID for the category(ies) specified. In the encounter-centric model, the encounter ID MAY be specified and the operation returns the list of document data associated with that encounter. If the encounter ID is not specified in the encounter-centric model, the operation returns the list of document information associated with the most recent encounter for which document data exist. If no gallery ID is specified, document data from all galleries must be returned. If no document category is specified, all documents associated with the subject (and encounter ID, if present) must be returned.
Request MessageField Type # ? Meaning
RetrieveDocumentData Y
RetrieveDocumentDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
DocumentDataList DocumentDataListType 1 Y A list of document data associated with a subject or encounter.
4.1.22 SetBiographicDataSetBiographicDataRequest
SetBiographicDataResponse
The SetBiographicData operation associates biographic data to a given subject record. The identity model of the system determines whether the biographic information should replace any existing biographic information (person-centric model) or if a new encounter should be created and associated with the subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by the caller in order to link biographic with biometric and/or document information (assuming biometric and/or document information was previously associated using the SetBiometricData and/or SetDocumentData operations). If the encounter ID is omitted for the encounter-centric model, the operation returns a system-assigned encounter ID.
For encounter-based systems, the Create Encounter operation should be called prior to Set Biographic Data and/or Set Document Data. The Encounter ID assigned as a result should be used as input to this operation.
Request Message
Field Type # ? Meaning
SetBiographicData Y Associates biographic data to a given subject record.
SetBiographicDataRequest 1 Y
GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “SetBiographicData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to store.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.
BiographicData BiographicDataType 1 Y An Identity’s biographic data.One of the following elements MUST be present.
LastName string 0..1 C The last name of a subject.
FirstName string 0..1 C The first name of a subject.
BiographicDataItemListBiographicDataItemType 0..* C A list of biographic
data elements.
BiographicDataSetBiographicDataSetType 0..1 C A set of biographic
data information.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group to which the biographic will be added.
Response Message
Field Type # ? Meaning
SetBiographicDataResponse Y The response to a SetBiographicData operation.
SetBiographicDataResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Identity BIASIdentity 0..1 C In an encounter-centric model, identifies the encounter ID assigned to a new encounter.
EncounterID BIASIDType 1 Y The identifier of an encounter associated with the subject.
4.1.23 SetBiometricDataSetBiometricDataRequest
SetBiometricDataResponse
The SetBiometricData operation associates biometric data to a given subject record. The identity model of the system determines whether the biometric information should replace any existing biometric information (person-centric model) or if a new encounter should be created and associated with the subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by the caller in order to link biometric with biographic and/or document information (assuming biographic and/or document information was previously associated using the SetBiographicData and/or SetDocumentData operation). If the encounter ID is omitted for the encounter-centric model, the operation returns a system-assigned encounter ID.
For encounter-based systems, the Create Encounter operation should be called prior to Set Biometric Data. The Encounter ID assigned as a result should be used as input to this operation.
Request Message
Field Type # ? Meaning
SetBiometricData Y Associates biometric data to a given subject record.
SetBiometricDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “SetBiometricData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to store.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.
BiometricData BIASBiometricDataType 1 Y An Identity’s biometric data.
BIRList CBEFF_BIR_ListType 1 Y A list of CBEFF-BIR elements.
BIRCBEFF_BIR_Type 1..* Y CBEFF structure
containing information about a biometric sample.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group to which the biometric will be added.
Response Message
Field Type # ? Meaning
SetBiometricDataResponse Y The response to a SetBiometricData operation.
SetBiometricDataResponsePackage1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
SetDocumentDataResponseThe SetDocumentData operation associates identity document data to a given subject record. The identity model of the system determines whether the document information should replace any existing document information for the same document category (person-centric model) or if a new encounter should be created and associated with the subject (encounter-centric model). For encounter-centric models, the encounter ID MAY be specified by the caller in order to link document with biographic and/or biometric information (assuming biographic and/or biometric information was previously associated using the SetBiographicData and/or SetBiometricData operation). If the encounter ID is omitted for the encounter-centric model, the operation returns a system-assigned encounter ID.
Request MessageField Type # ? Meaning
SetDocumentData Y
SetDocumentDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “SetDocumentData”.
Identity BIASIdentity 1 Y
SubjectID BIASIDType 1 Y A system unique identifier for a subject
EncounterID BIASIDType 0..1 N The identifier of an encounter associated with the subject.
DocumentDataList DocumentDataListTyp e 1 Y A list of document data to associate with the subject or encounter.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group to which the document information will be added.
Response Message
Field Type # ? Meaning
SetDocumentDataResponse Y The response to a SetDocumentData operation.
InputBIR CBEFF_BIR_Type 1 Y Data structure containing the biometric information to be transformed.
TransformOperation unsignedLong 1 Y Value indicating the type of transformation to perform.
TransformControl string 0..1 N Specifies controls for the requested transform operation.Note: This could be a compression ratio, target data format, etc.
NOTE: The values for TransformOperation and TransformControl are implementation specific.
Response Message
Field Type # ? Meaning
TransformBiometricDataResponse Y The response to a TransformBiometricData operation.
TransformBiometricDataResponsePackage1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
OutputBIR CBEFF_BIR_Type 1 Y Data structure containing the new, transformed biometric information.
The UpdateBiographicData operation updates the biographic data for an existing subject record. The operation replaces any existing biographic data with the new biographic data. In the encounter-centric model, the encounter ID MUST be specified.
UpdateBiographicData Y Updates the biographic data for a given subject record.
UpdateBiographicDataRequest 1 Y
GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “UpdateBiographicData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to update.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required for encounter-centric models.
BiographicData BiographicDataType 1 Y An Identity’s biographic data.One of the following elements MUST be present.
The UpdateBiometricData operation updates the biometric data for an existing subject record. The operation includes an OPTIONAL parameter indicating if the new biometric sample should be merged with the existing biometric sample. If this parameter is set to “False” or is not used in the request, the operation replaces the existing biometric sample with the new biometric sample. The “merge” process is determined by the implementation. It may be accomplished by adding the sample to a multi-sample record or by performing some level of biometric fusion (for example, feature or sample level fusion). In the encounter-centric model, the encounter ID MUST be specified.
Request Message
Field Type # ? Meaning
UpdateBiometricData Y Updates a single biometric sample for a given subject record.
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “UpdateBiometricData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to update.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required for encounter-centric models.
BiometricData BIASBiometricDataType 1 Y An Identity’s biometric data.
BIR CBEFF_BIR_Type 1 Y Contains biometric information in either a non-XML or an XML representation.
Merge boolean 0..1 N Value indicating if the input biometric sample should be merged with any existing biometric information.
Response Message
Field Type # ? Meaning
UpdateBiometricDataResponse Y The response to an UpdateBiometricData operation.
The UpdateDocumentData operation updates the document data for an existing subject record. The operation replaces any existing document data of the same category with the new document data. In the encounter-centric model, the encounter ID MUST be specified.
Request Message
Field Type # ? Meaning
UpdateDocumentData Y Updates the document data for a given subject record.
UpdateDocumentDataRequest 1 Y
GenericRequestParameters GenericRequestParameters 0..1 N Common request parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationName string 0..1 N Identifies the BIAS operation that is being requested: “UpdateDocumentData”.
Identity BIASIdentity 1 Y Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the document data to update.
SubjectID BIASIDType 1 Y A system unique identifier for a subject.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required for encounter-centric models.
DocumentDataList DocumentDataListType 1 Y A list of updated document data.
Response Message
Field Type # ? Meaning
UpdateDocumentDataResponse Y The response to an UpdateDocumentData operation.
UpdateDocumentDataResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
4.1.29 VerifySubjectVerifySubjectRequest
VerifySubjectResponse
The VerifySubject operation performs a 1:1 verification match between a given biometric and either a claim to identity in a given gallery or another provided biometric. As such either the Identity Claim or Reference BIR input parameters are REQUIRED.
In the encounter-centric model, for match operations, it is not necessary to explicitly create an encounter. The BIAS service provider will create the encounter and will set the encounter type to “recognition”.
VerifySubject Y Performs a 1:1 verification match between a given biometric and either a claim to identity in a given gallery or another given biometric.
VerifySubjectRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “VerifySubject”.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group of which the subject must be a member.Required if an Identity Claim is provided.
Identity BIASIdentity 1 Y Includes the identifying information and/or input and reference biometric samples.
IdentityClaim BIASIDType 0..1 C A unique identifier by which a subject is known to a particular gallery or population group. (e.g. Subject ID or account number)Required if a Reference BIR is not provided.
BiometricData BIASBiometricDataType 1 Y An Identity’s biometric data.
InputBIR CBEFF_BIR_Type 1 Y Maps to specific ISO/IEC BIAS elements as required by that specification.When multiple samples are included as input (e.g. in a multimodal operation), a complex BIR is used.
ReferenceBIRCBEFF_BIR_Type 0..1 C Maps to specific
ISO/IEC BIAS elements as required by that specification.Required if an Identity Claim is not provided.
Response Message
Field Type # ? Meaning
VerifySubjectResponse Y The response to a VerifySubject operation.
VerifySubjectResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Match boolean 0..1 Y Indicates if the Input BIR matched either the biometric information associated with the Identity Claim or the Reference BIR.
Score ScoreType 0..1 N The score if the biometric information matched.
The Delete operation deletes an existing subject or, in an encounter-centric model, an existing encounter from the system. This may be accomplished in a number of different ways according to system requirements and/or resources. If the Delete operation is implemented as a synchronous service, the implementing system immediately processes the request and returns the results in the Return Data parameter. If the Delete operation is implemented as an asynchronous service, the implementing system returns a token in the Token parameter, which is an indication that the request is being handled asynchronously. In this case, the GetDeletionResults operation is used to poll for the results of the Delete request.
Request Message
Field Type # ? Meaning
Delete Y Deletes a subject or, in an encounter-centric model, an existing encounter from the system.
DeleteRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “Delete”.
ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed.
Option OptionType 0..* N An option supported by the implementing system.
InputData InformationType 0..1 N Contains the input data for the operation, as required by the implementing system.
Identity BIASIdentity 0..1 N The identifier for the subject, or in encounter-centric model the encounter to be deleted; required for encounter-centric models.
SubjectID BIASIDType 0..1 C The identifier assigned to the subject.
EncounterID BIASIDType 0..1 C The identifier for the encounter; required for encounter-centric models.
Response Message
Field Type # ? Meaning
DeleteResponse Y The response to a Delete operation.
DeleteResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Identity BIASIdentity 1 Y
SubjectID BIASIDType 0..1 C The identifier assigned to the subject.
EncounterID BIASIDType 0..1 C The identifier of the encounter; required for encounter-centric models.
ReturnData InformationType 0..1 N Contains the output data for the response.
Token TokenType 0..1 C A token used to retrieve the results of the Delete request; returned with asynchronous request processing. If set to zero, operation is processed synchronously. If set to a non-zero value, operation is processed asynchronously and Get Deletion Results must be used to retrieve the results.
TokenValue string 1 Y A value returned by the implementing system that is used by Get Deletion Results to retrieve the results at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
4.2.2 EnrollEnrollRequest
EnrollResponse
The Enroll operation adds a new subject or, in an encounter-centric model, a new encounter to the system. This may be accomplished in a number of different ways according to system requirements and/or resources.If the Enroll operation is implemented as a synchronous service, the implementing system immediately processes the request and returns the results in the Return Data parameter. If the Enroll operation is implemented as an asynchronous service, the implementing system returns a non-zero token in the Token parameter, which is an indication that the request is being handled asynchronously. In this case, the GetEnrollResults operation is used to poll for the results of the Enroll request.
If the identity model is encounter-centric, the encounter ID may optionally be specified by the caller. If the encounter ID is omitted the operation returns a system-assigned encounter ID.
Request Message
Field Type # ? Meaning
Enroll Y Adds a new subject or, in an encounter-centric model, a new encounter to the system.
EnrollRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “Enroll”.
ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed.
Option OptionType 0..* N An option supported by the implementing system.
InputData InformationType 1 Y Contains the input data for the operation, as required by the implementing system.
Identity BIASIdentity 0..1 N
EncounterID BIASIDType 0..1 N The identifier for the encounter; required for encounter-centric models.
Response Message
Field Type # ? Meaning
EnrollResponse Y The response to an Enroll operation.
EnrollResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1
N A short message corresponding to the return code.
Identity BIASIdentity 1 Y
SubjectID BIASIDType 0..1
C The identifier assigned to the subject.
EncounterID BIASIDType 0..1
C The identifier of the encounter; required for encounter-centric models.
ReturnData InformationType 0..1
N Contains the output data for the response.
Token TokenType 0..1
C A token used to retrieve the results of the Enroll request; returned with asynchronous request processing. If set to zero, operation is processed synchronously. If set to a non-zero value, operation is processed asynchronously and Get Enroll Results must be used to retrieve the results.
TokenValue string 1 Y A value returned by the implementing system that is used by Get Enroll Results to retrieve the results at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
4.2.3 GetDeletionResultsGetDeletionResultsRequest
GetDeletionResultsResponse
The GetDeletionResults operation retrieves the deletion results for the specified token. This operation is used in conjunction with the Delete operation. If the Delete operation is implemented as an asynchronous service, the implementing system returns a token and the GetDeletionResults operation is used to poll for the results of the original Delete request.
If the service provider implements an asynchronous Delete operation, then it MUST also implement the Get Deletion Results operation.
Request Message
Field Type # ? Meaning
GetDeletionResults Y Retrieves the deletion results for the specified token.
GetDeletionResultsRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “GetDeletionResults”.
Token TokenType 1 Y A value used to retrieve the results of the Delete request.
TokenValue string 1 Y A value returned by the implementing system that is used to
retrieve the results to an operation at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
Response Message
Field Type # ? Meaning
GetDeletionResultsResponse Y The response to a GetDeletionResults operation.
GetDeletionResultsResponsePackage1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
ReturnData InformationType 0..1 N Contains the output data for the response.
4.2.4 GetEnrollResultsGetEnrollResultsRequest
GetEnrollResultsResponse
The GetEnrollResults operation retrieves the enrollment results for the specified token. This operation is used in conjunction with the Enroll operation. If the Enroll operation is implemented as an asynchronous service, the implementing system returns a token and the GetEnrollResults operation is used to poll for the results of the original Enroll request.
If the service provider implements an asynchronous Enroll operation, then it MUST also implement the GetEnrollResults operation.
Request Message
Field Type # ? Meaning
GetEnrollResults Y Retrieves the enrollment results for the specified token.
SubjectID BIASIDType 0..1 C The identifier assigned to the subject.
EncounterID BIASIDType 0..1 C The identifier of the encounter; if assigned.
4.2.5 GetIdentifyResultsGetIdentifyResultsRequest
GetIdentifyResultsResponse
The GetIdentifyResults operation retrieves the identification results for the specified token. This operation is used in conjunction with the Identify operation. If the Identify operation is implemented as an asynchronous service, the implementing system returns a token and the GetIdentifyResults operation is used to poll for the results of the original Identify request.
If the service provider implements an asynchronous Identify operation, then it MUST also implement the GetIdentifyResults operation.
Request Message
Field Type # ? Meaning
GetIdentifyResults Y Retrieves the identification results for the specified token
GetIdentifyResultsRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “GetIdentifyResults”.
Token TokenType 1 Y A value used to retrieve the results of the Identify request.
TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.
which point the token expires and the operation results are no longer guaranteed to be available.
Response Message
Field Type # ? Meaning
GetIdentifyResultsResponse Y The response to a GetIdentifyResults operation.
GetIdentifyResultsResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
Identity BIASIdentity
EncounterID BIASIDType 0..1 C The identifier of the encounter, if assigned.
CandidateList CandidateListType 0..1 C A rank-ordered list of candidates that have a likelihood of matching the input biometric sample.
ReturnData InformationType 0..1 N Contains the output data for the response.
4.2.6 GetUpdateResultsGetUpdateResultsRequest
GetUpdateResultsResponse
The GetUpdateResults operation retrieves the update results for the specified token. This operation is used in conjunction with the Update operation. If the Update operation is implemented as an asynchronous service, the implementing system returns a token and the GetUpdateResults operation is used to poll for the results of the original Update request.
If the service provider implements an asynchronous Update operation, then it MUST also implement the GetUpdateResults operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
ReturnData InformationType 0..1 N Contains the output data for the response.
4.2.7 GetVerifyResultsGetVerifyResultsRequest
GetVerifyResultsResponse
The GetVerifyResults operation retrieves the verification results for the specified token. This operation is used in conjunction with the Verify operation. If the Verify operation is implemented as an asynchronous service, the implementing system returns a non-zero token and the GetVerifyResults operation is used to poll for the results of the original Verify request.
If the service provider implements an asynchronous Verifyoperation, then it MUST also implement the GetVerifyResults operation.
Request Message
Field Type # ? Meaning
GetVerifyResults Y Retrieves the verification results for the specified token
GetVerifyResultsRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “GetVerifyResults”.
Token TokenType 1 Y A value used to retrieve the results of the Verify request.
TokenValue string 1 Y A value returned by the implementing system that is used to
The Identify operation performs an identification function according to system requirements and/or resources.If the Identify operation is implemented as a synchronous service, the implementing system immediately processes the request and returns the results in the Return Data parameter. If the Identify operation is implemented as an asynchronous service, the implementing system returns a non-zero token in the Token parameter, which is an indication that the request is being handled asynchronously. In this case, the GetIdentifyResults operation is used to poll for the results of the Identify request.
Request Message
Field Type # ? Meaning
Identify Y Performs an identification function.
IdentifyRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “Identify”.
ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed.
Option OptionType 0..* N An option supported by the implementing system.
InputData InformationType 1 Y Contains the input data for the aggregate services.
GalleryID BIASIDType 0..1 N The identifier of the gallery or population group which will be searched; this parameter may also be used to identify an external system where the identification request should be forwarded, if this capability is supported by the implementing system.
MaxListSize positiveInteger 1 Y The maximum size of the candidate list that should be returned.
Response Message
Field Type # ? Meaning
IdentifyResponse Y The response to an Identify operation.
IdentifyResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
ReturnData InformationType 0..1 N Contains the output data for the response.
Identity BIASIdentity 0..1 C
EncounterID BIASIDType 1 Y The identifier of the encounter, if assigned.
CandidateList CandidateListType 0..1 C A rank-ordered list of candidates that have a likelihood of matching the input biometric sample; returned with successful, synchronous processing.
Token TokenType 0..1 C A value used to retrieve the results of the Identify request; returned with asynchronous request processing. If set to zero, operation is processed synchronously and candidate list is returned. If set to a non-zero value, operation is processed asynchronously and Get Identify Results must be used to retrieve the results.
TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
4.2.9 RetrieveDataRetrieveDataRequest
RetrieveDataResponse
The RetrieveData operation retrieves requested information about a subject, or in an encounter-centric model about an encounter. In a person-centric model, this operation can be used to retrieve both biographic and biometric information for a subject record. In an encounter-centric model, this operation can be used to retrieve biographic and/or biometric information for either a single encounter or all encounters. Either a subject ID or encounter ID MUST be specified.
Request Message
Field Type # ? Meaning
RetrieveData Y Retrieves requested information about a subject or encounter.
RetrieveDataRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “RetrieveData”.
ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed, and MAY identify what type(s) of information should be returned.
Option OptionType 0..* N An option supported by the implementing system.
Identity BIASIdentity 1 Y Includes the identifier of the subject or encounter.
SubjectID BIASIDType 0..1 C A system unique identifier for a subject.Required if an Encounter ID is not provided.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required if a Subject ID is not provided.
Response Message
Field Type # ? Meaning
RetrieveDataResponse Y Response to a RetrieveData operation.
RetrieveDataResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
ReturnData InformationType 0..1 N Contains the output data for the response.
4.2.10 UpdateUpdateRequest
UpdateResponse
The Update operation updates specified information about a subject, or in an encounter-centric model about an encounter. In a person-centric model, this operation can be used to update both biographic, biometric and document information for a subject record. In an encounter-centric model, this operation can be used to update biographic, biometric and/or document information for either a single encounter or all encounters. Either a subject ID or encounter ID MUST be specified.
Request Message
Field Type # ? Meaning
Update Y Updates requested information about a subject or encounter.
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “Update”.
ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed, and MAY identify what type(s) of information should be returned.
Option OptionType 0..* N An option supported by the implementing system.
InputData InformationType 1 Y Contains the subject data to update.
Identity BIASIdentity 1 Y Includes the identifier of the subject or encounter.
SubjectID BIASIDType 0..1 C The identifier of the subject;Required if an Encounter ID is not provided.
EncounterID BIASIDType 0..1 C The identifier of an encounter associated with the subject.Required if a Subject ID is not provided.
Response Message
Field Type # ? Meaning
UpdateResponse Y Response to an Update operation.
UpdateResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
ReturnData InformationType 0..1 N Contains the output data for the response.
Token TokenType 0..1 C A value used to retrieve the results of the Update request; returned with asynchronous request processing. If set to zero, operation is processed synchronously. If set to a non-zero value, operation is processed asynchronously and Get Update Results must be used to retrieve the results.
TokenValue string 1 Y A value returned by the implementing system that is used to retrieve the results to an operation at a later time.
Expiration date 1 Y A date and time at which point the token expires and the operation results are no longer guaranteed to be available.
4.2.11 VerifyVerifyRequest
VerifyResponse
The Verify operation performs a 1:1 verification function according to system requirements and/or resources. Either the Identity Claim or Reference BIR input parameters are REQUIRED.If the Verify operation is implemented as a synchronous service, the implementing system immediately processes the request and returns the results in the Return Data parameter. If the Verify operation is implemented as an asynchronous service, the implementing system returns a non-zero token in the Token parameter, which is an indication that the request is being handled asynchronously. In this case, the GetVerifyResults operation is used to poll for the results of the Verify request.
In encounter mode, for match operations, the BIAS service provider will create the encounter and will set the encounter type to “recognition”. Additionally the encounter ID may optionally be specified by the caller.
If the encounter ID is omitted for the encounter-centric model, the service should return a system-assigned encounter ID.
Request Message
Field Type # ? Meaning
Verify Y Performs a 1:1 verification function.
VerifyRequest 1 Y
GenericRequestParametersGenericRequestParameters 0..1 N Common request
parameters that can be used to identify the requester.
Application ApplicationIdentifier 0..1 N Identifies the requesting application.
ApplicationUser ApplicationUserIdentifier 0..1 N Identifies the user or instance of the requesting application.
BIASOperationNamestring 0..1 N Identifies the BIAS
operation that is being requested: “Verify”.
ProcessingOptions ProcessingOptionsType 1 Y Options that guide how the aggregate service request is processed.
Option OptionType 0..* N An option supported by the implementing system.
InputData InformationType 1 Y Contains the input data for the aggregate services.
Identity BIASIdentity 1 Y Includes either the Identity Claim or Reference BIR.
IdentityClaim BIASIDType 0..1 C An identifier by which a subject is known to a particular gallery or population group.Required if a Reference BIR is not provided.
BiometricData BIASBiometricDataType 0..1 N An Identity’s biometric data.
ReferenceBIRCBEFF_BIR_Type 0..1 C Maps to specific
ISO/IEC BIAS elements as required by that specification.Required if an Identity Claim is not provided.
GalleryID BIASIDType 0..1 C The identifier of the gallery or population group of which the subject must be a member.Required if an Identity Claim is provided.
Response Message
Field Type # ? Meaning
VerifyResponse Y The response to a Verify operation.
VerifyResponsePackage 1 Y
ResponseStatus ResponseStatus 1 Y Returned status for the operation.
Return ReturnCode 1 Y The return code indicates the return status of the operation.
Message string 0..1 N A short message corresponding to the return code.
ReturnData InformationType 0..1 N Contains the output data for the response.
Match boolean 0..1 N Indicates if the Input BIR matched either the biometric information associated with the Identity Claim or the Reference BIR.
Score ScoreType 0..1 N The score if the biometric information matched.
Identity BIASIdentity 0..1 C
EncounterID BIASIDType 1 Y The identifier of the encounter, if assigned.
Token TokenType 0..1 C A value used to retrieve the results of the Verify request; returned with asynchronous request processing. If set to zero, operation is processed synchronously. If set to a non-zero value, operation is processed asynchronously and Get Verify Results must be used to retrieve the results.
5 Message structure and rulesBIAS operations and data elements are defined in XML in the ISO/IEC 30108 BIAS standard. This OASIS standard further specifies the full XML schema (see Annex A) and specifies how this XML is packaged and exchanged as SOAP messages. Annex A provides a WSDL of operations and structures aggregated from all the conformance classes, both synchronous and asynchronous. A specific implementation’s WSDL must only expose its respective operations and structures. For example, for a Class 5-only conformant implementation, all of the primitive operations must not be exposed as operations (with the exception of QueryCapabilities) unless that functionality is supported. Additionally, the WSDL exposed by an implementation shall not contain instances of xsd:any, xsd:anyType, or xsd:anyAttribute; these instances must be replaced with explicit schema contents. An example is the XML complex type, InformationType, which has xsd:any as its only child. This type is used to represent implementation-specific input data and return data. The children of InformationType must be replaced with explicit content. Doing so removes the ability to transmit unexpected or arbitrary data. Also, it provides a clear definition of information that a client needs to provide to the server,or expect to receive,to optimally perform an operation.SOAP 1.1 messages consist of three elements: an envelope, header data, and a message body. BIAS request-response elements MUST be enclosed within the SOAP message body. The general structure of the BIAS SOAP message is shown in Figure 4, below. The data model for BIAS is addressed in Section3 and BIAS messages in Section 4.
SOAP Envelope
SOAP Header
SOAP Payload
SOAP Body
BIAS XML Elements
Figure 4. BIAS SOAP Structure
Biometric data, regardless of native format, is carried as a binary structure. As such, options exist on how this data is carried within the SOAP structure. It can be carried as embedded Base-64 objects or [XOP] can be used – this standard allows for either method (See section 5.3).
5.1 Purpose and constraintsThis document defines a SOAP profile describing how the XML elements defined in ISO/IEC 30108 are to be used as the payload of a SOAP message and the rules for structuring and exchanging such messages. Philosophical tenets include:
SOAP messages will carry BIAS XML [XML 10] payloads. SOAP messages will follow WS-I and will deviate only when absolutely necessary. Message structures and interchanges will be kept as simple as possible – “nice to have”
features will be addressed in future revisions. XML schemas will be produced based on ISO/IEC 30108. BIAS will support a broad range of application domains. BIAS will allow for a variety of biometric and biographic data formats to be used Only the SOAP messaging will be defined – no message protocols or client/server agents
will be defined. Basic usage/formatting rules (beyond WS-I) will be defined. Existing biometric and Web services standards will be leveraged wherever possible. Sample WSDL and use cases will be provided as an aid in implementation. Use of basic SOAP will allow all other compatible WS* standards (and discovery
mechanisms) to be used in conjunction with BIAS messaging. BIAS will support both secure (i.e., using existing security mechanisms such as WS-
Security, SAML, etc,) and non-secure implementations. Generic biometric operations will be defined – use of biometrics within a Web services
authentication protocol is not addressed. OASIS namespace rules will be followed, though some external schemas MAY also be
referenced.
5.2 Message requirementsBIAS SOAP messages MUST conform to [WS-I-Basic] and [WS-I-Bind]. A single BIAS SOAP message MUST contain only one BIAS service request (or single BIAS service response). Binary components of BIAS messages are already Base-64 encoded and therefore do not need to be conveyed as SOAP attachments (though XOP MAY be utilized). The system model used for BIAS conversations over SOAP is a simple request-response model. BIAS comprises both synchronous and asynchronous operations, with the majority being of the former type. Asynchronous operations are implemented through message pairs. That is, there are separate messages to request the operation and to request the results of the operation. These have been defined for those operations that are likely to take significant time to complete. For example, an identify operation can be implemented as either a synchronous or asynchronous service as follows:
Figure 5. Example of Synchronous and Asynchronous BIAS Operations
The basic process for using SOAP for BIAS operations is:1. A system entity acting as a BIAS requester transmits a BIAS request element within the body of a
SOAP message to a system entity acting as a BIAS responder. The BIAS requester MUST NOT include more than one BIAS request per SOAP message or include any additional XML elements in the SOAP body.
2. The BIAS responder MUST return either a BIAS response element within the body of another SOAP message or generate a SOAP fault. The BIAS responder MUST NOT include more than one BIAS response per SOAP message or include any additional XML elements in the SOAP body. If a BIAS responder cannot, for some reason, process a BIAS request, it MUST generate a SOAP fault. (SOAP 1.1 faults and fault codes are discussed in [SOAP11] section 5.1.)
3. On receiving a BIAS response in a SOAP message, the BIAS requester MUST NOT send a fault code or other error messages to the BIAS responder. Since the format for the message interchange is a simple request-response pattern, adding additional items such as error conditions would needlessly complicate the protocol.
SOAP 1.1 also defines an optional data encoding system. This system is not used within the BIAS SOAP binding. This means that BIAS messages can be transported using SOAP without re-encoding from the “standard” BIAS schema to one based on the SOAP encoding.
NOTE: [SOAP11] references an early draft of the XML Schema specification including an obsolete namespace. BIAS requesters SHOULD generate SOAP documents referencing only the final XML schema namespace. BIAS responders MUST be able to process both the XML schema namespace used in [SOAP11] as well as the final XML schema namespace.
5.3 Handling binary dataBIAS messages frequently contain binary data (e.g., biometric data, scanned identity documents, etc.). Two methods are provided for dealing with this:
Embedded Base64 encoding XOP [XOP]
Use of SOAP with Attachments (SWA) is deprecated.
5.3.1 Base64 encodingThis method is the default method for including binary data. Binary data is Base64 encoded and included between the tags in the XML SOAP body for the appropriate data elements. Data elements using this method are indicated as such in the schema.
or contain an element which is binary (e.g., an image within an XML BDB).
5.3.2 Use of XOPWhen XOP is used, the binary content is replaced with a reference (URI) to an attachment (i.e., MIME) which contains that “stripped” content via an xop:include. The advantage of this method is overall message size during transmission since the overhead of the embedded Base64 is not present (since the MIME attachment contains the native binary format).Use of XOP is generally transparent to the developer, other than in how they configure their toolset. Most frameworks support this; however, there is a possibility of mismatch if the transmitter supports and uses XOP but the receiver does not.
5.4 DiscoveryBIAS implementers (service providers) MUST provide WSDL [WSDL11] to describe their implementations. This WSDL MAY or may not be made public via a standard discovery mechanism (such as UDDI) or other method.In addition, it is REQUIRED that the BIAS implementation include the QueryCapabilities operation to provide dynamic information regarding BIAS capabilities, options, galleries, etc. that are supported.
5.5 Identifying operationsReceivers of BIAS SOAP messages require a method of easily identifying the operation being requested (or response being provided). This SHOULD be possible without the receiver needing to infer it from the sum of the elements provided within the body of the SOAP message. The BIAS SOAP profile allows for two methods of identifying BIAS operations:
Explicit named element in body of the SOAP message Use of WS-Addressing Action element
5.5.1 Operation name elementThe BIAS message sender (requester) will include within the body of the BIAS SOAP message an XML element <BIASOperationName>. The receiver (service provider) can search for this tag within a received BIAS SOAP message to determine what operation is being requested. There is no requirement related to the ordering of this element within the message, though it is RECOMMENDED that it be included early in the message to aid in human readability.An example of this method for the CreateSubject operation is shown below:
5.5.2 WS-Addressing ActionWS-Addressing [WS-Addr] provides a mechanism for including action information inside any SOAP message. The information is in the SOAP Header. The WS-Addressing ‘Action’ element is used to indicate the intent of the message. The value is a URI/IRI identifying that intent; however, there are no restrictions on the format or specificity of the URI/IRInor a requirement that it can be resolved. Adoption of this option also requires that the WS-Addressing ‘To’, ‘ReplyTo’, and ‘MessageID’ elements are supplied, as they are mandatory elements in a request-reply message pattern as used within BIAS. Response messages would also need to use WS-Addressing, requiring the ‘To’ (matching the ‘ReplyTo’ element in the request), ‘RelatesTo’ (matching the ‘MessageID’ element in the request), and ‘RelationshipType’ (default value to “wsa:Reply”) elements. Use of WS-Addressing is OPTIONAL in this profile as is this method of using the ‘Action’ field for this purpose. However, when BIAS is used within an environment using WS-Addressing, it is RECOMMENDED that this approach for use of the ‘Action’ field to carry the BIAS operation name is employed, either alone or in combination with the BIASOperationName approach described in section 5.5.1.An example for a message request for the CreateSubject operation would look likethe following:
POST /bias HTTP/1.1Host: www.acme.comContent-Type: application/soap+xml; charset=”utf-8”Content-Length: nnnnSOAPAction: “”
5.6 SecurityThe end-points that exchange SOAP messages (or handle the contents of the BIAS operations) are expected to be protected and trusted such that message-level security mechanisms may not be required. The use of SSL (HTTPS) or VPN technology that provides end-point to end-point security is RECOMMENDED and MAY be sufficient in some cases. Other mechanisms such as Signed XML or WSS [WSS] could also be implemented.Unless stated otherwise, the following security statements apply to all BIAS bindings.
5.6.1 Use of SSL 3.0 or TLS 1.0Unless otherwise specified, in any BIAS binding’s use of SSL 3.0 [SSL3] or TLS1.0 [RFC2246], servers MUST authenticate clients using a X.509 v3 certificate [X509]. The client MUST establish server identity based on contents of the certificate (typically through examination of the certificate’s subject DN field, subjectAltName attribute, etc.).Use of transport level security in the form of SSL or TLS is OPTIONAL but highly RECOMMENDED. Use of these mechanisms alone may not be sufficient for end-to-end integrity and confidentiality, however (see 5.6.3 and 5.6.4 below).
5.6.2 Data Origin AuthenticationAuthentication of both the BIAS requester and the BIAS responder associated with a message is OPTIONAL and depends on the environment of use: Authentication mechanisms available at the SOAP message exchange layer or from the underlying substrate protocol (for example, in many bindings the SSL/TLS or HTTP protocol) MAY be utilized to provide data origin authentication.Transport authentication will not meet end-to-end origin authentication requirements in bindings where the BIAS SOAP message passes through an intermediary – in this case, message authentication is RECOMMENDED.Note that SAML [SAML] MAY be used as the mechanism for parties to authenticate to one another.
5.6.3 Message IntegrityMessage integrity of both BIAS requests and BIAS responses is OPTIONAL and depends on the environment of use. The security layer in the underlying substrate protocol or a mechanism at the SOAP message exchange layer MAY be used to ensure message integrity.Transport integrity will not meet end-to-end integrity requirements in bindings where the BIAS SOAP message passes through an intermediary – in this case, message integrity is RECOMMENDED.
5.6.4 Message ConfidentialityMessage confidentiality of both BIAS requests and BIAS responses is OPTIONAL and depends on the environment of use. The security layer in the underlying substrate protocol or a mechanism at the SOAP message exchange layer MAY be used to ensure message confidentiality.Transport confidentiality will not meet end-to-end confidentiality requirements in bindings where the BIAS SOAP message passes through an intermediary.
NOTE: Biometric and biographic data is likely to contain personal information the confidentiality of which SHOULD be protected accordingly. See ISO/IEC 30108, section 6.5 for further discussion.
5.6.5 CBEFF BIR security featuresWithin BIAS, biometric data is transferred within a CBEFF BIR (as defined in ISO/IEC 19785-1). CBEFF provides for the optional encryption of the Biometric Data Block (BDB) of the BIR and for the integrity of the entire BIR. If implemented, this is indicated in the BIR header. The BIR structure defines an optional Security Block which MAY contain a digital signature (or message authentication code), encryption parameters (e.g., key name, algorithm, etc.), and/or other security related data. Such protections are associated with an individual BIR and are separate from any other protections provided at the message level.
5.6.6 Security ConsiderationsBefore deployment, each combination of authentication, message integrity, and confidentiality mechanisms SHOULD be analyzed for vulnerability in the context of the specific protocol exchange and the deployment environment. Special care should be given to the impact of possible caching on security.IETF RFC 2617 [RFC2617] describes possible attacks in the HTTP environment when basic or message digest authentication schemes are used.Many of the security considerations identified in [SAML SEC] MAY also apply.ISO/IEC 19092 [BIO SEC] describes a security framework for biometric systems including a minimum set of security requirements addressing integrity, authenticity, and confidentiality of biometric information during transmission and storage. These SHOULD be considered as part of an overall risk management approach.
NOTE: The requirements of ISO/IEC 19092, though useful across many application domains, are required for most biometric system implementations in the financial services environment. Application of this standard would make the requirements of sections 5.5.3 through 5.5.5 mandatory rather than optional. This is highly RECOMMENDED for any high security environment or where privacy concerns exist.
5.6.7 Security of Stored DataThis specification does not address security considerations for stored data. It is the purview of the BIAS service provider to implement security mechanisms and protect data at rest as per their own security policies.
5.6.8 Key ManagementThis specification does not address key management considerations with respect to implementation of cryptographic security mechanisms (e.g., for authenticity, integrity, or confidentiality).
5.7 Use with other WS* standardsThe intent of specifying SOAP bindings for BIAS messages is to enable the full range of existing Web services standards to be able to be applied. Some may be normative while others can be optionally applied (i.e., WS-Security, WS-Addressing). Still others may require additional profiling to be used in an interoperable manner (e.g., WS-Notification); this is left to a future revision. However, the intent is to avoid specifying anything in the first, base version that would preclude the use of such standards in the future.
5.8 TailoringThis standard provides for a common method of implementing biometric Web services; however, it does not guarantee interoperability in a specific application. In some cases further tailoring or profiling of this standard may be required in order to further constrain the implementation options available.
NOTE: As an example, BIAS allows for a number of different biographic and biometric data formats to be used, whereas a given application/domain MAY wish to limit this to a small set or just one of each type. Other examples (not comprehensive) include:
Identification of a subset of BIAS operations to be used Specification of security features to be implemented (e.g., SSL, CBEFF BIR encryption, etc.) Choice of operation name identification method Choice of BIR type to be used (XML, non-XML, or URI) Further definition of aggregate operations Use (or not) of the encounter model Use (or not) of asynchronous operations Process sequences Implementation specific values (e.g., Transform operations/controls)
6 Error handlingThere are two levels of errors that can be returned in an error response: system and service errors.
System-level errors occur when the implementing system cannot service a request. They could result due to an internal logic error or because the implementing system does not support a particular request.
Service-level errors occur when there is a problem transmitting or representing the service request. They could result due to an invalid service request or because of a communications error.
The ISO/IEC BIAS standard defines the error condition codes for system-level errors. If successful, a response message (containing a return code) will be generated. If unsuccessful, a SOAP fault message (containing a fault code) will be generated.
6.1 BIAS operation return codesIf a BIAS operation is successful, a response (service output) will be sent to the requester by the service provider. Each response message contains a response status (see section 3.2.37) and return code (see section 3.2.38) along with any response data as defined for that operation, if any. A response code of ‘0’ indicates success.
6.2 SOAP fault codesIf a BIAS operation is unsuccessful, no BIAS response message is sent. Instead a SOAP fault message is returned.Every Web service (operation) described in the BIAS WSDL may result in a fault message that will be returned in the response by the service provider in the event of an error. The fault message contains a FaultCode element as defined by the SOAP 1.1 specification (see section 3.2.5). The fault message MUST contain a Detail element in a common format, as described by the BIASFault element (see section 3.2.6).The schema provided in Annex A defines “BIASFaultCode” and “BIASFaultDetail” types as well as “BIASFault”, “BIASFaultType”, “BIASFaultMessage” and “BIASFaultDescription” elements.The list of defined BIAS fault codes is provided in section 3.2.5. Note that BIAS service providers MAY define additional fault codes unique to their service.
NOTE: See also section 5.2 for additional information on message returns and faults.
7 ConformanceImplementations claiming conformance to this standard, MUST implement, at a minimum, all mandatory requirements and provisions set forth in Clauses 3, 4, 5 and 6. If such implementations claim conformance to any OPTIONAL requirements and provisions stated in Clauses 3, 4, 5 and 6, these requirements and provisions MUST be implemented as set forth in these Clauses. ISO/IEC 30108 Error: Reference source not found (Annex A) specifies seven BIAS conformance classes. For each class, a set of mandatory BIAS operations is identified in order for implementations (BIAS service providers) to claim conformance. These categories are:
Class 1: Full Primitive Services Implementation Class 2: Full Aggregate Services Implementation Class 3: Limited Primitive Services Implementation Class 4: Minimum Primitive Services Implementation Class 5: Minimum Aggregate Services Implementation Class 6: Matcher Primitive Services Implementation Class 7: Matcher Aggregate Services Implementation
In addition, the minimum capability information to be returned in response to a Query Capabilities request (the only mandatory BIAS operation across all 5 classes) is specified for each class.These conformance classes and their associated requirements apply to this BIAS SOAP Profile.There are no minimum set of operations required to be implemented by BIAS requesters; however, any operations implemented must conform to the requirements of Clauses 3 and 4 and those requirements within Clause 5 that are mandatory and are not specific to BIAS responders.
<xsd:documentation>Reference to a URI/IRI describing the biographic data format. For example: (FBI-EFTS) www.fbibiospecs.org, (DOD-EBTS) www.biometrics.dod.mil, (INT-I)
<xsd:documentation>The biographic data format type. Use these types for common formats: ASCII (e.g., for non-XML versions of FBI-EFTS, FBI-EBTS, DOD-EFTS, or INT-I),
XML (e.g., for NIEM, xNAL, and HR-XML or future version of FBI-EBTS).</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:any namespace="##any">
<xsd:annotation>
<xsd:documentation>Biographic data formatted according to a specific format.</xsd:documentation>
</xsd:annotation>
</xsd:any>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BiographicDataType">
<xsd:annotation>
<xsd:documentation>
Defines a set of biographic data elements, utilizing either the
BiographicDataItemType to represent a list of elements or the
BiographicDataSetType to represent a complete, formatted set of
<xsd:documentation>Identifies the standards body, working group, industry consortium, or other CBEFF biometric organization that has defined the format for the biometric
<xsd:documentation>Identifies the specific biometric data format specified by the CBEFF biometric organization recorded in the BDB Format Owner field.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="BiometricDataListType">
<xsd:annotation>
<xsd:documentation>A list of biometric data elements.</xsd:documentation>
<xsd:documentation>The family name of the person to whom the identity document was issued, as contained within the document itself.</xsd:documentation>
<xsd:documentation>The first given name of the person to whom the identity document was issued, as contained within the document itself.</xsd:documentation>
<xsd:documentation>The second given name of the person to whom the identity document was issued, as contained within the document itself.</xsd:documentation>
<xsd:documentation>Data structure containing information about a document and optionally an image of that document.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="EncounterCategoryType">
<xsd:annotation>
<xsd:documentation>Identifies the type of encounter (interaction) during which the identity (biographic, biometric, and/or document) data was collected from the subject as
determined by the requester.</xsd:documentation>
</xsd:annotation>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="Enrolment">
<xsd:annotation>
<xsd:documentation>The encounter is created during an enrolment interaction.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="Recognition">
<xsd:annotation>
<xsd:documentation>The encounter is created during a recognition interaction.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="Unspecified">
<xsd:annotation>
<xsd:documentation>The type of encounter is unknown.</xsd:documentation>
<xsd:documentation>The identifier of an encounter.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="FusionIdentityListType">
<xsd:annotation>
<xsd:documentation>
Contains fusion input elements for one or more identities, utilizing the FusionInformationListType to represent a single set of fusion information for each identity.
<xsd:documentation>The Algorithm Owner's identifier for the specific algorithm product and version used to determine the score or decision.</xsd:documentation>
<xsd:documentation>A Boolean flag indicating if biometric subtype information should be returned.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="MatchType">
<xsd:annotation>
<xsd:documentation>The result of a fusion method.</xsd:documentation>
</xsd:annotation>
<xsd:restriction base="xsd:boolean"/>
</xsd:simpleType>
<xsd:complexType name="OptionType">
<xsd:annotation>
<xsd:documentation>
BIAS aggregate operations support the ability to include various processing options which direct and possibly control the business logic for that operation. Together with the
ProcessingOptionsType, The OptionType provides a method to represent those options. Processing options SHOULD be defined by the implementing system.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="Key" type="xsd:string" >
<xsd:annotation>
<xsd:documentation>The identifier of an option supported by the implementing system.</xsd:documentation>
<xsd:documentation>A date and time at which point the token expires and the service results are no longer guaranteed to be available.</xsd:documentation>
<xsd:documentation>Data structure containing a Subject ID associated with a single biometric sample for which a quality score is to be determined; required if no BIR is
<xsd:documentation>Erase all of the document data associated with a given subject record or, in the encounter-centric model, with a given encounter.</xsd:documentation>
<xsd:documentation>The identifier of the gallery or population group which will be searched. Must not be used in conjunction with Gallery parameter</xsd:documentation>
<xsd:documentation>A list of BIRs to be used instead of a stored gallery. Must not be used in conjunction with GalleryID parameter.</xsd:documentation>
<xsd:documentation>A rank-ordered list of candidates that have a likelihood of matching the input biometric sample; returned with successful synchronous request
<xsd:documentation>A token used to retrieve the results of the IdentifySubject request; returned with asynchronous request processing.</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
<xsd:element name="ListBiographicData">
<xsd:complexType>
<xsd:annotation>
<xsd:documentation>
Lists the biographic data elements stored for a subject.
<xsd:documentation>Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to store.</xsd:documentation>
<xsd:documentation>Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to store.</xsd:documentation>
<xsd:documentation>Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the document data to store.</xsd:documentation>
<xsd:documentation>Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biographic data to update.</xsd:documentation>
<xsd:documentation>Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the biometric data to update.</xsd:documentation>
<xsd:documentation>Identifies the subject or, in the encounter-centric model, a subject and an encounter, and includes the document data to update.</xsd:documentation>
<xsd:documentation>Indicates if the Input BIR matched either the biometric information associated with the Identity Claim or the Reference BIR.</xsd:documentation>
<xsd:documentation>The identifier for the subject, or in encounter-centric model the encounter to be deleted; required for encounter-centric models.</xsd:documentation>
<xsd:documentation>The identifier for the subject, or in encounter-centric model, the encounter being deleted; required for encounter-centric models.</xsd:documentation>
<xsd:documentation>Indicates if the Input BIR matched either the biometric information associated with the Identity Claim or the Reference BIR.</xsd:documentation>
<xsd:documentation>Options that guide how the service request is processed, and may identify what type(s) of information should be returned.</xsd:documentation>
Appendix B. BIAS Patron format specificationThe BIAS SOAP Profile defines an XML CBEFF Patron Format based on, but tailored from, Clause 13/15 of ISO/IEC 19785-3 [CBEFF3] as specified below.
B.1 PatronOrganization for the Advancement of Structured Information Standards (OASIS)
B.2 Patron identifier82 (0052 Hex).
This has been allocated by the Registration Authority for ISO/IEC 19785-2.
B.3 Patron format nameOASIS BIAS CBEFF XML Patron Format
B.4 Patron format identifier01 (0001 Hex).
This has been registered in accordance with ISO/IEC 19785-2.
B.5 ASN.1 object identifier for this patron formatNo ASN.1 object identifiers are assigned to this patron format
B.6 Domain of useThis clause specifies a patron format based on XML that is designed to be friendly with code generation tools. It defines a CBEFF structure that allows for the creation of simple, complex, and multi-modal BIRs for use within BIAS transactions.
B.7 Version identifierThis patron format specification has a version identifier of (major 1, minor 0).
B.8 CBEFF versionThis specification conforms to CBEFF version (major 2, minor 0).
B.9 GeneralB.9.1 This patron format is based on W3C XML 1.0. It supports all the mandatory and optional data elements specified in ISO/IEC 19785-1. It can support either a simple BIR or a complex BIR structure where each intermediate node or leaf of the structure is itself a BIR (called a "child BIR"). B.9.2 Most fields in this patron format are optional. Some mandatory and optional fields are represented by XML elements, others are represented by attributes of XML elements. The presence of an optional field in a BIR is signaled by simply including the corresponding element or attribute, and its absence is signaled by simply omitting the corresponding element or attribute.B.9.3 Special encodings are specified for integers (see B.17), octet strings (see B.18), and date and time-of-the-day abstract values (see B.19).B.9.4 An instance of a BIR or child BIR contains either a BDB or one or more BIR children, but never contains both.B.9.5 An extension mechanism is specified, which enables the inclusion of application-specific data (not standardized) within a BIR or child BIR (see B.11.1.6).
B.10 SpecificationB.10.1 In the rest of this clause, the terms "element" and "attribute" are used with the meaning of "XML element" and "XML attribute", respectively.B.10.2 The namespace with the name " http://docs.oasis-open.org/bias/ns/biaspatronformat-1.0/" is called the patron format namespace of this patron format.
B.10.3 All elements defined in this patron format have the patron format namespace name. All attribute names are unqualified.B.10.4 An instance of a BIR shall be represented as a <BIR> element (see B.11).
B.10.5 The <BIR> element may be the root of an XML document, but this is not required.B.10.6 The portion of the XML document consisting of the <BIR> element and its whole content shall be valid according to the XML schema provided in B.22.
NOTE 1 – Validity according to that XML schema does not imply that the <BIR> element satisfies all the requirements in the normative text of this specification, as there are some requirements that cannot be (or are not) formally expressed in the XML schema.
NOTE 2 – When the <BIR> element is the root of an XML document, the UTF-8 character encoding is recommended for the XML document, because it will usually produce a smaller encoding.
B.10.7 The abstract value NO VALUE AVAILABLE, for any CBEFF data element that supports this abstract value, shall be encoded as the omission of the corresponding element or attribute both in the <BIR> element and in all of its ancestor <BIR> elements.
NOTE – The inheritance mechanism specified in B.14.2.1, B.15.2.1 and B.16.2.1 causes a data element of a BIR to inherit an abstract value (different from NO VALUE AVAILABLE) from its closest ancestor <BIR> element that contains that element or attribute when the <BIR> element in question does not contain it. If any <BIR> element in a hierarchy of <BIR> elements specifies an abstract value for a given data element, that abstract value can be overridden by a different abstract value in any of its descendant <BIR> elements, but the overriding abstract value can never be NO VALUE AVAILABLE.
B.11.1 SyntaxB.11.1.1 This element shall have no attributes, and shall have a content consisting of the following (in order):
a) an optional <Version> element (see B.12);
b) an optional <CBEFFVersion> element (see B.13);
c) zero or more application-specific elements;
d) a mandatory <BIRInfo> element (see B.14);
e) an optional <BDBInfo> element (see B.15);
f) an optional <SBInfo> element (see B.16);
g) zero or more <BIR> elements (see B.11);
h) either an optional <BDB> element that shall contain a valid representation of an octect string (see B.18), or an optional <bdbX> element that shall contain a valid XML string;
i) an optional <SB> element – the content of this element shall be a valid representation of an octet string.
B.11.1.2 The <BDB> or <bdbX> element shall not be present if one or more child <BIR> elements are present, and shall be present if no child <BIR> elements are present.
B.11.1.3 The <SB> element shall be absent unless its presence is required by F.14.2.2 or permitted by F.15.2.3.B.11.1.4 If the <BDB> or <bdbX> element is present, then the <BDBInfo> element shall also be present.B.11.1.5 If the <SB> element is present, then the <SBInfo> element shall also be present.
B.11.1.6 The number of application-specific elements and their name, namespace name, attributes, and content are not defined in this patron format specification. However, the namespace name of those elements shall be different from the patron format namespace name (see B.10.2).
B.11.2 SemanticsB.11.2.1 This element is either a complex or a simple BIR, depending on which child elements are present. If a child <BDB> or <bdbX> element is present, this element is a simple BIR. If one or more child <BIR> elements are present, this element is a complex BIR.
B.11.2.2 The elements <Version>, <CBEFFVersion>, <BIRInfo>, <BDBInfo>, and <SBInfo> and their content form the standard biometric header of the BIR.
B.11.2.3 The <Version> element (if present) carries the major and minor version number of this patron format.B.11.2.4 The <CBEFFVersion> element (if present) carries the major and minor version number of the CBEFF standard.B.11.2.5 Each <BIR> element is a whole BIR (of the same patron format) that is a child BIR of the BIR.
B.11.2.6 The <BDB> or <bdbX> element (if present) carries the biometric data block (BDB) of the BIR.
NOTE – A <BDB> or <bdbX> element and a <BIR> element cannot coexist as children of the same <BIR> element (see B.11.1.2).
B.11.2.7 The <SB> element (if present) carries the security block (SB) of the BIR.
NOTE – A <SB> element can coexist with either a <BIR> element or a <BDB> or <bdbX> element that is a child of the same <BIR> element.
B.11.2.8 The <BIRInfo> element carries information about both the BIR and (possibly) about its descendant BIRs (if the <BIR> element has one or more child <BIR> elements), as specified in B.14.2.1.
B.11.2.9 The <BDBInfo> element (if present) carries information about either the BDB of the BIR (if the <BIR> element has a child <BDB> or <bdbX> element) or about the BDBs of the descendant BIRs that have a child <BDB> or <bdbX> element (if the <BIR> element has one or more child <BIR> elements), as specified in B.15.2.1.B.11.2.10 The <SBInfo> element (if present) carries information about either the SB of the BIR (if the <BIR> element has a child <SB> element) or about the SBs of the descendant BIRs that have a child <SB> element (if the <BIR> element has one or more child <BIR> elements but no child <SB> element), as specified in B.16.2.1.
B.12 Element <Version>
B.12.1 SyntaxThis element shall have contents consisting of the following (in order):a) a required <Major> element – the value of this element shall be a valid representation of a non-
negative integer.
b) a required <Minor> element – the value of this element shall be a valid representation of a non-negative integer.
B.12.2 SemanticsB.12.2.1 This element represents the data element CBEFF_patron_header_version, and carries the (major and minor) version number of the patron format. The number assigned to this version of the patron format is major 1, minor 0.B.12.2.2 The <Major> element represents the major version number (1 in this version).
B.12.2.3 The <Minor> element represents the minor version number (0 in this version).
B.12.2.4 If this element is not present, the values Major="1" Minor="0" are implied.
B.12.2.5 A child <BIR> element shall have the same (major and minor) version number as its parent <BIR> element.
NOTE – This implies that the <Version> element, if present in a child <BIR> element, has to carry the same values as the <Version> element in the parent <BIR> element. This is equivalent to omitting the <Version> element. Therefore, this element is normally omitted in child <BIR> elements.
B.13.1 SyntaxThis element shall have content consisting of the following (in order):a) a required <Major> element – the value of this element shall be a valid representation of a non-
negative integer (see B.17);
b) a required <Minor> element – the value of this element shall be a valid representation of a non-negative integer.
B.13.2 Semantics
B.13.2.1 This element represents the data element CBEFF_version, and carries the version number of the CBEFF standard supported by this patron format. The number assigned to the version of CBEFF supported by this patron format is Major=2, Minor=0.B.13.2.2 The <Major> element represents the major version number (2 in this version).
B.13.2.3 The <Minor> element represents the minor version number (0 in this version).
B.13.2.4 If this element is not present, the values Major="2" Minor="0" are implied.
B.13.2.5 A child <BIR> element shall have the same CBEFF version number (major and minor) as its parent <BIR> element.
NOTE – Thus, the <CBEFFVersion> element is normally omitted from all child <BIR> elements, as it would be redundant.
B.14 Element <BIRInfo>
B.14.1 SyntaxB.14.1.1 This element shall have a content consisting of the following (in order):a) an optional <Creator> element – the content of this element shall be a string of ISO/IEC 10646
characters;
b) an optional <Index> element – the content of this element shall be a valid representation of a universally unique identifier (see B.20), and shall not inherit its value from any other level BIR;
c) an optional <Payload> element – the content of this element shall be a valid representation of an octet string, and shall not inherit its value from any other level BIR.
d) a required <Integrity> element – the value of this element shall be one of the character strings in the third cell of the corresponding row of Table B.1;
e) an optional <CreationDate> element – the value of this element shall be a valid representation of a date and time of the day (see B.19);
f) an optional <NotValidBefore> element – the value of this element shall be a valid representation of a date and time of the day;
g) an optional <NotValidAfter> element – the value of this element shall be a valid representation of a date and time of the day.
B.14.2 SemanticsB.14.2.1 The <BIRInfo> element carries information about the BIR. In addition, if the BIR has one or more child BIRs (the <BIR> element has one or more child <BIR> elements), the information carried by the attributes and child elements of the <BIRInfo> element is inherited by those child BIRs except where overridden by a corresponding attribute or child element of the <BIRInfo> element of a child BIR. The information inherited by a BIR applies to that BIR, and (if the BIR has itself child BIRs) is further inherited by its child BIRs in the same way (and so on recursively).
NOTE – Since the Integrity element is required and the <BIRInfo> element is mandatory in all <BIR> elements, inheritance of the Integrity element can never occur.
B.14.2.2 The Integrity element indicates whether integrity information about this BIR is provided within the security block (SB) of the BIR (the child <SB> element of the parent <BIR> element of this <BIRInfo> element).
NOTE – This information may consist of a digital signature or MAC, a reference to a key or certificate, an encrypted key (with or without a reference to the key used to encrypt that key), or other parameters of the digital signing (or MAC) process.
B.14.2.3 If the value of the <Integrity> element is "true", then the parent <BIR> element of this <BIRInfo> element shall have a child <SB> element.
B.14.2.4 Table B.1 specifies the correspondence between the attributes and child elements of this element and CBEFF data elements, and specifies the supported abstract values and their encodings (see also B.10.7).
NOTE - This element represents all CBEFF data elements whose name begins with "CBEFF_BIR_".
Table B.1 – BIR information
CBEFF data element name XML element Supported abstract values and encodings
Reference
CBEFF_BIR_creator <Creator> All ISO/IEC 10646 character strings are supported.The character string shall be encoded as the string itself.
CBEFF_BIR_index <Index> All well-formed UUIDs are supported.The UUIDs shall be encoded as specified in B.20.Shall not inherit its value from any other BIR level.
CBEFF_BIR_payload <Payload> All octet strings are supported.The octet strings shall be encoded as specified in B.18.Shall not inherit its value from any other BIR level.
CBEFF_BIR_integrity_options <Integrity> The following abstract values are supported.The abstract values shall be encoded as shown below.NO INTEGRITY:
CBEFF data element name XML element Supported abstract values and encodings
Reference
"false"INTEGRITY:"true"
CBEFF_BIR_creation_date <CreationDate> All date and time-of-the-day abstract values permitted by CBEFF are supported.The abstract values shall be encoded as specified in B.19.
CBEFF_BIR_validity_period(lower end)
<NotValidBefore> All date and time-of-the-day abstract values permitted by CBEFF are supported.The abstract values shall be encoded as specified in B.19.
CBEFF_BIR_validity_period(upper end)
<NotValidAfter> All date and time-of-the-day abstract values permitted by CBEFF are supported.The abstract values shall be encoded as specified in B.19.
B.15 Element <BDBInfo>
B.15.1 SyntaxB.15.1.1 This element shall have a content consisting of the following (in order):
a) an optional <ChallengeResponse> element – the content of this element shall be a valid representation of an octet string (see B.18);
b) an optional <Index> element – the content of this element shall be a valid representation of a universally unique identifier (see B.20).
c) an optional <FormatOwner> element – the value of this element shall be a valid representation of an integer in the range 1 to 65535 (see B.17);
d) an optional <FormatType> element – the value of this element shall be a valid representation of an integer in the range 1 to 65535;
e) an optional <Encryption> element – the value of this element shall be one of the character strings in the third cell of the corresponding row of Table B.2;
f) an optional <CreationDate> element – the value of this element shall be a valid representation of a date and time of the day (see B.19);
g) an optional <NotValidBefore> element – the value of this element shall be a valid representation of a date and time of the day;
h) an optional <NotValidAfter> element – the value of this element shall be a valid representation of a date and time of the day;
i) an optional <Type> element – the value of this element shall be one of the character strings in the third cell of the corresponding row of Table B.2;
j) an optional <Subtype> element – the value of this element shall be one of the character strings in the third cell of the corresponding row of Table B.2;
k) an optional <Level> element – the value of this element shall be one of the character strings in the third cell of the corresponding row of Table B.2;
l) an optional <ProductOwner> element – the value of this element shall be a valid representation of an integer in the range 1..65535 (see B.17);
m) an optional <ProductType> element – the value of this element shall be a valid representation of an integer in the range 1..65535;
n) an optional <CaptureDeviceOwner> element – the value of this element shall be a valid representation of an integer in the range 1..65535 (see B.17);
o) an optional <CaptureDeviceType> element – the value of this element shall be a valid representation of an integer in the range 1..65535;
p) an optional <FeatureExtractionAlgorithmOwner> element – the value of this element shall be a valid representation of an integer in the range 1..65535 (see B.17);
q) an optional <FeatureExtractionAlgorithmType> element – the value of this element shall be a valid representation of an integer in the range 1..65535;
r) an optional <ComparisonAlgorithmOwner> element – the value of this element shall be a valid representation of an integer in the range 1..65535 (see B.17);
s) an optional <ComparisonAlgorithmType> element – the value of this element shall be a valid representation of an integer in the range 1..65535;
t) an optional <QualityAlgorithmOwner> element – the value of this element shall be a valid representation of an integer in the range 1..65535 (see B.17);
u) an optional <QualityAlgorithmType> element – the value of this element shall be a valid representation of an integer in the range 1..65535;
v) an optional <CompressionAlgorithmOwner> element – the value of this element shall be a valid representation of an integer in the range 1..65535 (see B.17);
w) an optional <CompressionAlgorithmType> element – the value of this element shall be a valid representation of an integer in the range 1..65535;
x) an optional <Purpose> element – the value of this element shall be one of the character strings in the third cell of the corresponding row of Table B.2;
y) an optional <Quality> element – the value of this element shall be a valid representation of an integer in the range –2..100 (see B.17), as specified in the third cell of the corresponding row of Table B.2.
B.15.1.3 If the parent <BIR> element has a child <BDB> element, then the <Encryption> element shall be present in this <BDBInfo> element unless it is present in the child <BDBInfo> element of an ancestor <BIR> element (see also B.11.1.4).
B.15.1.4 If the parent <BIR> element has a child <BDB> element, then the <FormatOwner> element shall be present in this <BDBInfo> element unless it is present in the child <BDBInfo> element of an ancestor <BIR> element (see also B.11.1.4).
B.15.1.5 If the parent <BIR> element has a child <BDB> element, then the <FormatType> element shall be present in this <BDBInfo> element unless it is present in the child <BDBInfo> element of an ancestor <BIR> element (see also B.11.1.4).
NOTE – The ancestor <BIR> elements mentioned in the last three subclauses above need not be the same.
B.15.2 SemanticsB.15.2.1 If the BIR has a BDB (the <BIR> element has a child <BDB> element), then the <BDBInfo> element carries information about that BDB. Otherwise, the information carried by the attributes and child elements of the <BDBInfo> element is inherited by all the BIRs that are children of the BIR except where overridden by a corresponding attribute or child element of the <BDBInfo> element of a child BIR. The information inherited by a BIR with a BDB applies to that BDB, whereas the information inherited by a BIR that has itself child BIRs is further inherited by all the BIRs that are children of the BIR in the same way (and so on recursively).B.15.2.2 If the BIR has a BDB and encryption is applied to that BDB (either by including the encryption attribute with the value "true" in the <BDBInfo> element or by having the BIR inherit that attribute value from its parent BIR), then the BDB in the <BDB> element shall be encrypted.
B.15.2.3 If the BDB of a BIR is encrypted, information about the encryption process may be provided within the security block (SB) of that BIR (the child <SB> element of the parent <BIR> element of this <BIRInfo> element).
NOTE – This information may consist of a reference to an encryption key, an encrypted key (with or without a reference to the key used to encrypt that key), or other parameters of the encryption process.
B.15.2.4 Table B.2 specifies the correspondence between the attributes and child elements of this element and CBEFF data elements, and specifies the supported abstract values and their encodings (see also F.10.7).
NOTE – This element represents all CBEFF data elements whose name begins with "CBEFF_BDB_".
Table B.2 – BDB information
CBEFF data element name XML element Supported abstract values and encodings
Reference
CBEFF_BDB_format_owner <FormatOwner> All integers in the range 1 to 65535 are supported.The integers shall be encoded as specified in B.17.
CBEFF_BDB_format_type <FormatType> All integers in the range 1 to 65535 are supported.The integers shall be encoded as specified in B.17.
CBEFF_BDB_encryption_options <Encryption> The following abstract values are supported.The abstract values shall be encoded as shown below.NO ENCRYPTION:
CBEFF data element name XML element Supported abstract values and encodings
Reference
"false"ENCRYPTION: "true"
CBEFF_BDB_creation_date <CreationDate> All date and time-of-the-day abstract values permitted by CBEFF are supported.The abstract values shall be encoded as specified in B.19.
CBEFF_BDB_validity_period(lower end)
<NotValidBefore> All date and time-of-the-day abstract values permitted by CBEFF are supported.The abstract values shall be encoded as specified in B.19.
CBEFF_BDB_challenge_response <ChallengeResponse> All octet strings are supported.The octet strings shall be encoded as specified in B.18.Shall appear only in BIRs that have a BDB.
CBEFF_BDB_index <Index> All well-formed UUIDs are supported.The UUIDs shall be encoded as specified in B.20Shall appear only in BIRs that have a BDB.
CBEFF_BDB_validity_period(upper end)
<NotValidAfter> All date and time-of-the-day abstract values permitted by CBEFF are supported.The abstract values shall be encoded as specified in B.19.
CBEFF_BDB_biometric_type <Type> The following abstract values and all their unordered combinations are supported.A single abstract value shall be encoded as the corresponding string shown below. A combination of two or more abstract values shall be encoded as the concatenation of the corresponding strings, using a single space as separator.SCENT:"Scent"DNA:"DNA"EAR:"Ear"FACE:"Face"FINGER:"Finger"FOOT:"Foot"
CBEFF data element name XML element Supported abstract values and encodings
Reference
VEIN:"Vein"HAND GEOMETRY:"HandGeometry"IRIS:"Iris"RETINA:"Retina"VOICE:"Voice"GAIT:"Gait"KEYSTROKE:"Keystroke"LIP MOVEMENT:"LipMovement"SIGNATURE OR SIGN:"SignatureSign"
CBEFF_BDB_biometric_subtype <Subtype> The following abstract values are supported.The abstract values shall be encoded as shown below. A combination of two or more abstract values shall be encoded as the concatenation of the corresponding strings, using a single space as separator.LEFT: "Left"RIGHT: "Right"THUMB: "Thumb"INDEX FINGER: "IndexFinger"MIDDLE FINGER: "MiddleFinger"RING FINGER: "RingFinger"LITTLE FINGER: "LittleFinger"
CBEFF_BDB_processed_level <Level> The following abstract values are supported.The abstract values shall be encoded as shown below.RAW: "Raw"INTERMEDIATE: "Intermediate"PROCESSED:
CBEFF data element name XML element Supported abstract values and encodings
Reference
specified in B.17.
CBEFF_BDB_purpose <Purpose> The following abstract values are supported.The abstract values shall be encoded as shown below.VERIFY:"Verify"IDENTIFY:"Identify"ENROLL:"Enroll"ENROLL FOR VERIFICATION ONLY:"EnrollVerify"ENROLL FOR IDENTIFICATION ONLY:"EnrollIdentify"AUDIT:"Audit"
CBEFF_BDB_quality <Quality> The following abstract values are supported.The integers shall be encoded as specified in B.17. The other abstract values shall be encoded as shown below.INTEGERQUALITY NOT SUPPORTED BY BDB CREATOR: "-2"QUALITY SUPPORTED BY BDB CREATOR BUT NOT SET: "-1"
B.16 Element <SBInfo>
B.16.1 SyntaxB.16.1.1 This element shall have content consisting of the following (in order):a) an optional <FormatOwner> element – the value of this element shall be a valid representation of an
integer in the range 1 to 65535 (see B.17);
b) an optional <FormatType> element – the value of this element shall be a valid representation of an integer in the range 1 to 65535
B.16.1.2 If the parent <BIR> element has a child <SB> element, then the <FormatOwner> element shall be present in this <SBInfo> element unless it is present in the child <SBInfo> element of an ancestor <BIR> element (see also B.11.1.5).
B.16.1.3 If the parent <BIR> element has a child <SB> element, then the <FormatType> element shall be present in this <SBInfo> element unless it is present in the child <SBInfo> element of an ancestor <BIR> element (see also B.11.1.5).
NOTE 1 – The ancestor <BIR> elements mentioned in the last two subclauses above need not be the same.
NOTE 2 – When the parent <BIR> element has a child <SB> element and one omits both children of the <SBInfo> element, the <SBInfo> element will have no attributes and an empty content. Omission of the <SBInfo> element is not allowed in this case (see B.11.1.5).
B.16.2 SemanticsB.16.2.1 If the BIR has an SB (the <BIR> element has a child <SB> element), then the <SBInfo> element carries information about that SB. In addition, if the BIR has one or more child BIRs (the <BIR> element has one or more child <BIR> elements), the information carried by the child element of the <SBInfo> element is inherited by those child BIRs except where overridden by a corresponding child element of the <SBInfo> element of a child BIR. The information inherited by a BIR with an SB applies to that SB, and (if the BIR has itself child BIRs) is further inherited by its child BIRs in the same way (and so on recursively).B.16.2.2 Table B.3 specifies the correspondence between the attributes and child elements of this element and CBEFF data elements, and specifies the supported abstract values and their encodings (see also B.10.7).
NOTE – This element represents all CBEFF data elements whose name begins with "CBEFF_SB_".
Table B.3 – SB information
CBEFF data element name XML element Supported abstract values and encodings
Reference
CBEFF_SB_format_owner <FormatOwner> All integers in the range 1 to 65535 are supported.The integers shall be encoded as specified in B.17.
CBEFF_SB_format_type <FormatType> All integers in the range 1 to 65535 are supported.The integers shall be encoded as specified in B.17.
B.17 Representation of IntegersB.17.1 A non-negative integer shall be represented as a string of one or more ISO/IEC 10646 characters in the range DIGIT ZERO to DIGIT NINE ("0" to "9") in decimal notation.
B.17.2 A negative integer shall be represented as the corresponding positive integer, preceded by a HYPHEN-MINUS character ("-").
B.17.3 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the encoding.
B.18 Representation of Octet StringsB.18.1 An octet string shall be represented as a string of the following ISO/IEC 10646 characters:a) LATIN CAPITAL LETTER A to LATIN CAPITAL LETTER Z;
b) LATIN SMALL LETTER A to LATIN SMALL LETTER Z;
c) DIGIT ZERO to DIGIT NINE;
d) PLUS SIGN;
e) SOLIDUS;
f) EQUALS SIGN.
forming the Base64 encoding of the octet string (see IETF RFC 2045), with all whitespace removed.B.18.2 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the encoding.
B.19 Representation of Date and Time of the DayB.19.1 A date and time of the day shall be represented as a string of ISO/IEC 10646 characters in the following format, which conforms to ISO 8601. B.19.2 The encoding shall be the concatenation of all the following components (in order):a) the "year" component, consisting of the year encoded in four digits ("2000" to "2999") ;
b) the hyphen character “-“
c) the "month" component, consisting of the month encoded in two digits ("01" to "12");
d) the hyphen character “-“
e) the "day" component, consisting of the day encoded in two digits ("01" to "31");
f) the letter "T";
g) the "hour" component, consisting of the hour encoded in two digits ("00" to "23");
h) the colon character “:”
i) the "minute" component, consisting of the minute encoded in two digits ("00" to "59");
j) the colon character “:”
k) the "second" component, consisting of the second encoded in two digits ("00" to "59");
l) the letter "Z".
B.19.3 The "year", "month", "day", “hour”, “minute”, and “second” components shall be present. B.19.4 The letter "T" shall be present.
B.19.5 The letter "Z" shall be present whether or not the "hour" component is present.
B.19.6 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the encoding.
B.20 Representation of Universally Unique IdentifiersNOTE: The following subclauses describe the same representation of a UUID as is specified in ISO/IEC 9834-8, clause 8. An example of such a representation is: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
B.20.1 A universally unique identifier (UUID) shall be represented as a string of ISO/IEC 10646 characters. Each string shall contain exactly 36 characters from the union of the following sets:
a) DIGIT ZERO to DIGIT NINE ("0" to "9"), each representing a hexadecimal digit 0 through 9;
b) LATIN CAPITAL LETTER A to LATIN CAPITAL LETTER F ("A" to "F"), each representing a hexadecimal digit A through F;
c) LATIN SMALL LETTER A to LATIN SMALL LETTER F ("a" to "f"), each representing a hexadecimal digit A through F; and
d) HYPHEN-MINUS ("-").
B.20.2 Each of the positions 9, 14, 19, and 24 of an encoding shall contain a character from set (d). The other 32 positions shall contain characters from sets (a) through (c).B.20.3 Arbitrary whitespace is allowed before and after the encoding, but is forbidden inside the encoding.
B.21 Patron format conformance statement
B.21.1 Identifying informationRequired Information Patron format reference
NOTE NO VALUE AVAILABLE is encoded by the absence of optional fields in the XML encoding. There is little value in, for example, having the following string appear in a record: <level> no value available <level>.
B.23 Sample BIR encodingAn example of a simple BIR in XML encoding (complying with the XSD schema and the normative textual description) follows.
Appendix C. Use Cases (non-normative)The intent of this annex is to provide operational sequence diagrams / flow charts that show how the higher level usage scenarios within Error: Reference source not found could be implemented using the BIAS SOAP profile. The following use cases are given:
C.1 Verification Use CaseThis use case uses the aggregate Verify operation in which a single request results in some set of operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service provider.
BIAS Client BIAS Server Agent BIAS Impl
MatchDecision
Client Application
Note that 1. CheckQuality, TransformBiometricData, VerifySubject can be exposed as interfaces of BIAS server agent.
C.2 Asynchronous Verification Use CaseIn this use case, the requester issues two requests – the BIAS Verify request to initiate the operation followed by a BIAS GetVerifyResult request to retrieve the results of that operation.
BIAS Client BIAS Server Agent BIAS Impl
MatchDecision
Client Application
GetVerfiyResult
Periodically Polling
Note that 1. CheckQuality, TransformBiometricData, VerifySubject can be exposed as interfaces of BIAS server agent.
C.3 Primitive Verification Use CaseIn this use case, the verification operation is performed as a series of requests using the BIAS primitive operations. In this case, the client rather than the service provider controls the workflow of the higher level operation.
C.4 Identification Use CaseThis use case uses the aggregate Identify operation in which a single request results in some set of operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service provider.
BIAS Client BIAS Server Agent BIAS Impl
CandidateList
Client Application
Note that 1. CheckQuality, TransformBiometricData, IdentifySubject can be exposed as interfaces of BIAS server agent.
C.5 Biometric Enrollment Use CaseThis use case uses the aggregate Enroll operation in which a single request results in some set of operations (in this case, a series of primitive BIAS operations) being performed by the BIAS service provider.Here, if the result of the IdentifySubject is no matches found, then the subject is added to the gallery. If a match had been found then other logic may have been applied (e.g., return candidate list, add encounter for existing subject, etc.).
C.6 Primitive Enrollment Use CaseIn this use case, the enrollment operation is performed as a series of requests using the BIAS primitive operations. In this case, the client rather than the service provider controls the workflow of the higher level operation.
Appendix E. AcknowledgementsThe following individuals have participated in the creation of this specification and are gratefully acknowledged:
Participants:!!br0ken!!
Name Affiliation
Mr. Young Bang Booz Allen Hamilton
Mr. Ed. Clay Sun
Mr. Murty Gurajada * Raining Data Corporation
Mr. Dale Hapeman US Department of Defense
Dr. Charles Li Raytheon
Mr. Kevin Mangold NIST
Mr. John Mayer-Splain US Department of Homeland Security
Dr. Ross Michaels NIST
Mr. Ramesh Nagappan Sun
Mr. Ash Parikh * Raining Data Corporation
Mr. Matthew Swayze Daon
Mr. Guy Swope* Raytheon
Mrs. Catherine Tilton Daon
Mr. Alessandro Triglia* OSS Nokalva
Mr. Matthew Young US Department of Defense
Mr. Brad Wing NIST (formerly DHS)
Mr. Michael Wittman* Raytheon
Mr. Gregory Zektser Booz Allen Hamilton
* Though no longer members of the BIAS TC at time of publication, these individuals contributed in the early stages of the development of this standard.In addition, the inputs from the ISO/IEC technical committee are also gratefully appreciated.